Page 31 - SyI Quarterly - Q3 and Q4 Edition 2023
P. 31

On the other hand, adopting the Onion Skin Defence-in-Depth concept enhances the organisation’s
          ability to protect against adversarial attacks by motivated and capable threat actors. It involves the
          implementation of multiple layers of protective security measures, including physical, technological, and
          procedural [behavioural] defences. This approach makes it more challenging for adversaries to breach
          the site perimeter and reach valuable targets. By having a layered defence, the organisation can deter
          and detect potential attacks, delay adversaries’ progress, and provide sufficient time to initiate a
          pre-planned and frequently rehearsed response.


          Combining both the Swiss Cheese Model and Defence-in-Depth principles allows the organisation to
          create a robust and holistic approach to employee safety and security. It acknowledges the importance
          of addressing both accidental hazards and intentional threats, ensuring the well-being and protection of
          employees in various scenarios.

          It is worth noting that the specific implementation of these models should be tailored to the
          organisation’s unique needs, industry, and risk profile. Conducting a thorough workplace safety and
          adversarial risk assessment and engaging relevant experts can help determine the most appropriate
          measures and strategies for safeguarding employees from both industrial hazards and adversarial
          attacks.


          8.     Conclusion

          An organisation should create a blended cheese and onion flavoured safety and security programme to
          safeguard their employees, visitors, and supply chain partners.

          A converged directorate within an organisation’s structure —comprising of safety, security, emergency
          preparedness, business continuity, protective intelligence, and business risk specialists— will provide
          the necessary organisational resilience to deter, detect, delay, and respond to industrial safety hazards,
          workplace accidents, and intentional adversarial attacks. Given the appropriate exposure to, and overt
          support from, the C-Suite, this Protective Security and Organisational Resilience directorate can increase
          the levels of certainty that an organisation can deliver against their business plan and achieve their
          goals.

          This blended approach, to create and maintain a safe and secure working environment,  advocates that
          the protective security function should not become another ‘silo’ within a dysfunctional
          organisation. Impactful protective security programmes are achieved through collaboratively working
          with those departments who amplify the organisational values, and by engaging, educating,
          encouraging, and influencing secure behaviours across the workforce. ‘Security’ should not be shrouded
          in mystery, it is not a ‘black art’, and time should be spent recruiting advocates and ambassadors from
          across the organisation requiring protection.




















                                                             31
   26   27   28   29   30   31   32   33   34   35   36