Title: Designing and evaluating layered security

Authors: Steven Lord; Rick Nunes-Vaz

Addresses: National Security Science and Technology Centre, Defence Science and Technology Organisation, Edinburgh, SA 5111, Australia (both authors)

Abstract: Following systems engineering principles, we introduce analytic means to qualitatively judge and quantitatively assess the layering of security controls, with the aim of optimising risk reduction. The emphasis is on evaluating security controls in real-world systems, where complications such as uncertainty, scale, multiple threats, multiple events, and multiple pathways from threat to event to consequences confound the neat, and often used, picture of layered controls as rings around the bull's-eye of consequences. An example of physical security at a facility is given, with a quantitative illustration of optimising the layering of controls subject to cost constraints.

Keywords: security risk analysis; security risk assessment; security risk management; layered security; security-in-depth; security layers; security system design; security system evaluation; security control optimisation; physical security; complex security systems; systems engineering; risk reduction.

DOI: 10.1504/IJRAM.2013.054377

International Journal of Risk Assessment and Management, 2013, Vol. 17, No. 1, pp. 19-45

Received: 19 Jul 2012
Accepted: 23 Nov 2012

Published online: 19 Jul 2014
