What principle of information security states that an organization should implement overlapping security controls whenever possible?
Answer Options
A. Least privilege
B. Separation of duties
C. Defense in depth
D. Security through obscurity
Correct Answer: C
Explanation
Defense in depth states that organizations should have overlapping security controls designed to meet the same security objectives whenever possible. This approach provides security in the event of a single control failure. Least privilege ensures that an individual has only the minimum set of permissions necessary to carry out their assigned job functions and does not require overlapping controls. Separation of duties requires that one person not have permission to perform two separate actions that, when combined, carry out a sensitive function. Security through obscurity attempts to hide the details of security controls to add security to them. Neither separation of duties nor security through obscurity involves overlapping controls.