The Onion Model of Security: Purposes and Benefits
The Onion model is used primarily for purposes of cyber-security, being applied in different fields with the goal of protecting their userbase and data. The basic of the structure is similar to a real onion – multiple layers of different security measures are applied to minimize the risk of data being compromised. The defense consisting of multiple layers was first adapted from military strategies, that were focused on delaying and containing the enemy’s attack instead of fully stopping it.
The onion model uses a similar approach to cybersecurity, a method that makes the points of access hard to reach for possible attackers. The benefits of such a system are that the systems of protection are diverse and require specific sets of skills to overcome them. The information can be secured via physical access, network protections, regulations, and security policies. All of these work in tandem to establish a secure environment.
5 Elements of Security – Usages and Purpose
Deterrence
Deterrence pertains to the act of discouraging people from breaching security and gaining unauthorized access to a facility or information. Deterrence is the most basic and primary step of security and crime prevention, as it allows organizations to prevent possible accidents and make their operation more secure. Both physical and psychological means of deterrence can be used, such as gates, fences, or security cameras. The main goal is to increase the sense of control and protection. Deterrence can also be achieved by making the potential gains of the perpetrator seem lesser than the costs they can suffer while committing a crime. Effective strategies of deterrence are aimed at a specific threat and specific individuals.
Detection
Detection is the second element of security, the one that is responsible for informing further measures and evaluating the danger. Detection is necessary when the deterrence effort fails, as it allows a facility or an organization to recognize the threat before it is too late. Detection methods also serve to alarm various security services and protocols into action, setting the direction of the security breach response.
The process of detecting unwanted activity is accomplished traditionally through alarms and other means to register a person’s presence. Standard alarms can identify an unwanted intrusion or presence in a forbidden area, while further movements can be tracked through security TV and cameras. Other types of technology, such as ultraviolet or infrared-light-based technologies are also applicable. In recent years, face recognition as a means of detection is becoming more prevalent, which can aid in increasing security.
Delay
Delay, as the next element of security, uses various methods to make the attack more inefficient and ineffective in its execution. When the danger is already imminent and the responding party needs to have time to formulate and execute their response, delaying measures work best. They give the authorities time to take appropriate action in regards to possible civilians or the preparation to counteract the actions of an attacker. The delay methods often include physical restraints, walls, and barriers, as well as other types of constructions that can prevent advances. Such obstacles often require special tools or extreme physical prowess to overcome, which makes it hard for an ordinary person to combat them.
done in as little as 1 hour
Response
The response is the second to last element of security, and the one that may take major resources and planning to successfully accomplish. Addressing the incoming attack and preventing the opposing side from reaching their goals is one of the only ways to de-escalate a security breach that would allow the respondents to not suffer losses. Protection without a means to actively secure and address the changing circumstances is prone to having liabilities, meaning that crisis response is a necessary element of any security system.
Response measures are formulated in accordance with the type of attack being performed, taking into account both the positions of all parties involved, time constraints, possible repercussions, and damages and costs associated with going through with a particular plan. It determines what measures have to be taken to address the threat range faced and arranges the action to initiate a response accordingly. The main goals are to minimize losses and potential downsides while addressing the events in a quick manner.
Recovery
Recovery is the last and longest step to countering and overcoming a threat to security. The process of recovery accesses the extent of damage done, accesses the level of current danger, and the reasons for the occurrence of a security breach. By analyzing all the factors responsible for the event, an organization can redirect its efforts to effectively mitigate the damage done and recover its resources. This may mean physical reconstruction or replacement in cases of physical intrusions, or re-introduction or new security measures in other cases. Oftentimes, it is effective to access the weaknesses found in the security system to possibly improve the defense in terms of either of the previous 4 steps or introduce a different framework that will allow for better protection. The main purpose of recovery is to return a facility and its security to normal operation and prevents the future possible efforts of other breaches.
Why Barriers Might not be Physical
While physical barriers are often effective and preventing breaches and ensuring security, they are not the only way to approach the question of security. The psychological aspect plays a large part in the equation as well, as it disincentivizes people from attempting to overcome security measures. Mental tactics are most often used as methods of prevention or deterrence, both of which work to minimize the potential of an attack ever occurring. By using non-physical barriers as an advantage, a group can ensure that fewer people will attempt security breaching. Such methods as methodic placement of cameras, restriction notices, and warnings can work well at making the prospect of an attack less appealing. The process of psychological manipulation works well to make potential attackers question the worth Of their endeavors.
according to your instructions
Regulatory Organizations
There are a number of security organizations that publish regulations regarding the usage, storage, and transfer of information, as well as other matters of security. The main reasons as to why such regulatory organizations exist are that the nations of the world needed to establish a universal standard for the accepted practices for handling security law, which would protect and hold accountable all parties involved in cases of accident.
Different organizations release their own documents and acts that help detail necessary practices and policies to secure organizations and their data. The protections can be applied both in the real world and the digital sphere, encompassing a range of approaches and practices developed specifically for a particular field. Regulation from the European Union, called “The General Data Protection Regulation”, which works to protect and ensure the legitimate usage of personal data. Frameworks similar to this one are used to guide the operation of different organizations, either advising or mandating appropriate practices for others. The adoption of a regulatory framework comprises a system of checks and balances that works to prevent security failures.
Purposes of the Airport Security Programme
An airport is a place that is in some ways more susceptible to being compromised and be vulnerable to the actions of malicious individuals. As an open system that sees the arrival and departure of a great number of people, airports often have to manage to work under strained circumstances. The place where members of different cultures and nations congregate, keeping track of all the transpiring events can become difficult.
When an external threat or an attack occurs in an airport, it puts an increasingly large amount of people in danger. To counteract the danger of a potential threat to both the airport workers and civilians, specific security measures need to be taken. The airport security programs allow officials to accomplish this goal in the most location-specific and efficient manner, introducing security measures and methods of deterrence that are expected to work best in a given scenario.
Local Security Risk Assessment, Risk Mitigation Purposes
An assessment of security in the process of risk assessment is useful for a variety of purposes. Firstly, a risk assessment allows to identify and address various security vulnerabilities before they become exploited by an attacker or start presenting a danger to the organization’s operation. By carrying a local security risk assessment, the organization can see its operation from the attacker’s point of view, strengthen its defenses, and apply new approaches to security. This is becoming especially relevant with the passage of time, as old security measures become outdated and ineffective in their performance and the need to create new approaches arises..
The efforts of risk mitigation can also work in a similar matter, helping an organization to increase protection and improve prevention measures while decreasing the possible damages suffered from a breach of security The efforts to mitigate risks work in accordance with their name, by decreasing the severity of possible negative consequences.
Outcome-focused Security
There are different possible approaches to addressing security in a suitable manner. In the past, it was customary for regulations to be strictly prescriptive, which could decrease the effectiveness of protection measures depending on where they were applied. This framework, however, was in time replaced by a more-outcome focused approach that gives organizations the leeway to determine the best methods of protection according to their internal and external environment. By focusing primarily on the desired effects of the approach instead of a specific guideline, it allows more creative and effective approaches to security to be implemented. The outcome-based approach prioritizes results over anything else and promotes innovation in the field of security.
References
Heidegger, Martin. n.d. The Question Concerning Technology. New York: Harper Colophon Books.
Ellul, Jacques, and John Wilkinson. 1964. The Technological Society. New York, NY: Vintage Books.