Page 31 - SyI Quarterly - Q3 and Q4 Edition 2023
P. 31
On the other hand, adopting the Onion Skin Defence-in-Depth concept enhances the organisation’s
ability to protect against adversarial attacks by motivated and capable threat actors. It involves the
implementation of multiple layers of protective security measures, including physical, technological, and
procedural [behavioural] defences. This approach makes it more challenging for adversaries to breach
the site perimeter and reach valuable targets. By having a layered defence, the organisation can deter
and detect potential attacks, delay adversaries’ progress, and provide sufficient time to initiate a
pre-planned and frequently rehearsed response.
Combining both the Swiss Cheese Model and Defence-in-Depth principles allows the organisation to
create a robust and holistic approach to employee safety and security. It acknowledges the importance
of addressing both accidental hazards and intentional threats, ensuring the well-being and protection of
employees in various scenarios.
It is worth noting that the specific implementation of these models should be tailored to the
organisation’s unique needs, industry, and risk profile. Conducting a thorough workplace safety and
adversarial risk assessment and engaging relevant experts can help determine the most appropriate
measures and strategies for safeguarding employees from both industrial hazards and adversarial
attacks.
8. Conclusion
An organisation should create a blended cheese and onion flavoured safety and security programme to
safeguard their employees, visitors, and supply chain partners.
A converged directorate within an organisation’s structure —comprising of safety, security, emergency
preparedness, business continuity, protective intelligence, and business risk specialists— will provide
the necessary organisational resilience to deter, detect, delay, and respond to industrial safety hazards,
workplace accidents, and intentional adversarial attacks. Given the appropriate exposure to, and overt
support from, the C-Suite, this Protective Security and Organisational Resilience directorate can increase
the levels of certainty that an organisation can deliver against their business plan and achieve their
goals.
This blended approach, to create and maintain a safe and secure working environment, advocates that
the protective security function should not become another ‘silo’ within a dysfunctional
organisation. Impactful protective security programmes are achieved through collaboratively working
with those departments who amplify the organisational values, and by engaging, educating,
encouraging, and influencing secure behaviours across the workforce. ‘Security’ should not be shrouded
in mystery, it is not a ‘black art’, and time should be spent recruiting advocates and ambassadors from
across the organisation requiring protection.
31