Page 29 - SyI Quarterly - Q3 and Q4 Edition 2023

The concept of Onion Skin Defence-in-Depth recognises
           that no single layer of security is foolproof. By
           implementing multiple layers of protection, each with
           its own unique characteristics and strengths, the overall
           security posture becomes stronger and more resilient.
           Even if one layer is breached, there are additional layers
           in place to impede further progress and increase the
           chances of detection or intervention.

           The Onion Skin Defence-in-Depth approach is not
           limited to physical security measures but can also be
           applied to cybersecurity, information security, and
           other domains where protection of assets is crucial. In
           these contexts, layers may include firewalls, intrusion.

           The development of an appropriate security culture, where the right secure behaviours are adopted
           by an organisation’s workforce, can be an essential element of a protective security defence-in-depth.
           By adopting desired behaviours, the leadership, employees, contractors, visitors, and suppliers can be
           a huge force multiplier, at a relatively low cost, in strengthening the overall resilience to security events
           and adversarial attacks.


           A Behavioural-Based Security (BBS) programme should be risk-based and concentrate on what a person
           needs to know to meet the organisation’s security expectations. Workforce behaviour and staff vigilance
           are amongst the most off-putting factors for someone who is up to no good; it makes them think that
           they are being watched and that they are more likely to be detected and intercepted.

           When workers support protective security through their behaviours, by being vigilant and reporting
           suspicious activities, they provide a deterrent, create an early warning mechanism, and assist in initiating
           an impactful and proportionate response. This reduces the likelihood of a security event, limits the
           negative consequence, and reduces the lost work time. By using the workforce’s eyes and ears, the
           chances of keeping an organisation’s people and property safe are significantly enhanced.

           By adopting a layered Defence-in-Depth concept, like that of an onion skin, organisations can
           enhance their overall security posture, deter potential threats, detect intrusions early, delay the
           adversary’s attack plan, and minimise the potential impact of security incidents. This layered approach
           provides a comprehensive and robust defence against a wide range of adversaries and attack vectors.

           6. Does there need to be a difference between the Industrial Safety and Protective Security Risk Management approach?

           Whilst the Swiss Cheese Model and the protective security Onion Skin Defence-in-Depth concept share
           some similarities in their approach to risk management and protection, they are primarily designed for
           different domains—industrial safety and protective security, respectively. Let’s assess their synergies:


           6.1.    Layered Approach. Both models embrace a layered approach to risk mitigation. The Swiss
           Cheese Model emphasises the need for multiple layers of defence to prevent accidents, whilst the Onion
           Skin Defence-in-Depth concept focuses on creating multiple barriers to deter and mitigate threats in
           protective security. Both concepts recognise that relying on a single layer of defence is insufficient and
           that multiple layers increase the overall robustness of the system.



