What security strategy uses multiple layers of controls to protect information?

Layered security, or defense in depth, protects information by applying multiple, overlapping controls across different layers so that if one layer is bypassed, others still provide protection. This approach combines preventive measures (like strong access controls and authentication), detective measures (such as monitoring and intrusion detection), and corrective actions (like backups and incident response) across technology, processes, and people. Because it explicitly relies on several protections working together, it matches the idea of using multiple layers to guard information. The other options describe a single protective measure (single-layer security), a security model that emphasizes continuous verification and not trusting by default (zero trust), or a specific control targeting data at rest (encryption at rest), none of which convey the broad, multi-layer strategy.