Make sure that an idea of separation of responsibilities is implemented and rational entry controls and account lockout/disabling controls are in place. Observe that the third layer from The underside is known as Network, but network security would not implement only to this layer. Knowledge loss avoidance refers to https://ieeexplore.ieee.org/document/9941250