Defense in depth uses multiple independent layers of security — if one fails, others remain. Physical → Perimeter → Network → Host → Application → Data.
No single control is sufficient. Layering means an attacker must defeat multiple controls to succeed. On exam questions, when asked about a comprehensive security approach — defense in depth.