Page 28 - SyI Quarterly - Q3 and Q4 Edition 2023
P. 28
Know your Institute
Know your Institute
Industrial Safety and Protective Security: A Cheese
& Onion Flavour
By Frank Cannon CSyP FSyP
5. A Protective Security Mindset: The Onion Skin Defence-In-Depth Approach
The exact year when the onion skin defence-in-depth approach was first used in the protective security
industry is difficult to determine as it has evolved over time and its origins are not attributed to a
specific event or moment. However, the concept of layered defence, which forms the basis of the onion
skin approach, has been employed in security practices for many years. While it is challenging to
pinpoint the exact origin of the analogy, Bruce Schneier has extensively written about and advocated for
the use of the onion skin metaphor to describe the layered defence approach in his books and articles.
“Onion Skin Defence-In-Depth” is a concept used in protective security to describe a layered approach to
safeguarding people, property, or information. It draws an analogy to the layers of an onion where each
layer provides an additional level of protection. This approach aims to create multiple barriers to deter
and mitigate threats, making it more difficult for adversaries to breach the security perimeter and reach
valuable targets.
Here is an explanation of the Onion Skin Defence-in-Depth concept:
5.1. Outer Layer: The outermost layer represents the initial line of defence and serves as a deterrent
to potential threats. It includes measures such as perimeter fencing, access control systems, signage,
and visible security personnel. This layer is designed to create a visible presence and discourage
unauthorised individuals from attempting to breach the security perimeter.
5.2. Middle Layer: The middle layer builds upon
the outer layer and focuses on physical security
measures. It includes elements such as reinforced
doors, locks, barriers, surveillance cameras, and
intrusion detection systems. This layer is aimed at
detecting and delaying unauthorised access, giving
security personnel or police officers additional time to
respond to adversarial attacks.
5.3. Inner Layer: The inner layer represents the
last line of defence and is primarily concerned with
protecting specific assets, sensitive information, or
critical infrastructure. It involves additional security
measures such as access controls, biometric systems,
security officers, encryption, firewalls, and other
protective technologies. This layer is designed to
reduce or minimise the impact of a security breach,
providing a strong defence for the most critical
elements of the protected entity.
28