When two or more controls work in parallel to protect an asset, what is this called?

When two or more controls work in parallel to protect an asset, this is referred to as redundancy. Redundancy is a critical principle in cybersecurity and risk management that involves implementing multiple layers of controls that serve a similar function. By having backup mechanisms in place, if one control fails or is bypassed, others can still provide the necessary protection. This approach enhances the overall security posture of an organization by reducing the likelihood of a single point of failure.

In the context of cybersecurity, redundancy can be illustrated with examples such as multiple firewalls or intrusion detection systems. If one firewall is compromised or fails to identify an attack, the additional firewalls can still mitigate the risk, thus ensuring continued protection of the asset.

Layering, on the other hand, refers to the strategy of implementing various controls at different levels (such as physical, technical, and administrative) rather than having duplicate controls at the same level. Isolation pertains to separating systems or components to limit exposure, while segmentation involves dividing networks into segments to enhance security management. Although these concepts are all important in a robust cybersecurity framework, they do not specifically refer to the parallel operation of multiple similar controls that redundancy describes.