The strategy of containment attempts to control access to an information system. One approach involves making potential
targets as unattractive as possible. This can be achieved in several ways but a common method involves creating the
impression that the target information system contains data of little or no value. It would be pointless, for example,
attempting to steal data that had been encrypted the data would effectively be useless to anyone except the owner. A
second technique involves creating an effective series of defences against potential threats. If the expense, time and effort
required to gain access to the information system is greater than any benefits derived from gaining access, then intrusion
becomes less likely. However, defences must be continually improved and upgraded in order to keep up with advances
in technology and the increasing sophistication of hackers. Thus, such as approach tends to be expensive in terms of
organisational resources. A third approach involves removing the target information system from potential threats. Typical
ways in which this might be achieved include distributing assets across a large geographical area, distributing important
data across the entire organisation or isolating important systems.