The concept of layered security can be compared to an onion, says Alexander Laham, information security manager at Lawrence General Hospital in Massachusetts. Here are examples of varying layers of security measures implemented to defend against some threats. “As you work your way out from the inside, you are met with progressive layers of protection—the inside of that onion being whatever critical asset you are trying to protect; for hospitals that is primarily” protected health information (PHI) and electronic PHI, Laham says. “Typically, the layers involve the data (assets), people, physical space, endpoints (devices), software (applications), and network (firewalls). Defense methods depend on the specific threat and reasonable defense options available to the organization.” He notes the examples are not fully developed; they are a snapshot of the types of measures that could be taken to defend assets. Contact Laham at alexander.laham@lawrencegeneral.org.