Security
Published in Vivek Kale, Digital Transformation of Enterprise Architecture, 2019
The goal of enterprise security is to protect an organization’s information assets and infrastructure from accidental or malicious disclosure, modification, misuse and erasure. This chapter introduces the primary concepts in information security, namely confidentiality, integrity, and availability, commonly known as the CIA triad. Defense in depth entails putting in place multiple layers of defense, each giving an additional layer of protection. Identification and authentication are introduced as the first line of defense protecting an organization’s information assets and infrastructure. Authorization provides the segregation-of-duties control that is necessary for many organizational functions. Access control refers to the mechanisms used to limit access to networks and systems. Once granted access, users need to be accountable for what they do with the resources or information. Auditing is the process we go through to ensure that our environment is compliant with the laws, regulations, and policies that bind it.
Safety of Sociotechnical Systems and Sociotechnical Work
Published in Torgeir K. Haavik, New Tools, Old Tasks, 2017
The energy and barrier perspective (Gibson, 1961; Haddon, 1980) calls attention to the physical energy involved in accidents, and to the role of barriers in preventing them. According to this perspective, accidents occur when ‘objects are affected by harmful energy in the absence of effective barriers between the energy source and the object’ (Rosness et al., 2010: 113). Three different strategies for loss reduction are identified: reduction of the hazard, strengthening of the barriers, and protection and rehabilitation of the victims. Defence in depth is achieved by applying several barriers directed towards different parts or processes of the system. However, as Reason’s (1997) Swiss cheese model illustrates, even such barrier systems may fail.
Barriers against loss
Published in Urban Kjellén, Eirik Albrechtsen, Prevention of Accidents and Unwanted Occurrences, 2017
Originally, defence in depth was the term for a military strategy involving actions to delay and spread out the forces of an attacker rather than preventing an attacker from entering a territory. Nowadays, the concept is also used in the safety field to analyse how a high level of safety is accomplished through layers of independent barriers (Perrow 1984/1999; Rasmussen 1993; Reason 1997). Defence in depth is primarily used in safety design where major accident risks are involved, such as in the chemical, oil and gas, and nuclear industries. By this, we mean major accidents that may result in multiple fatalities inside and outside a plant and in extensive material or environmental damage. A major accident may threaten the survival of the company responsible for the operation. Fortunately, the associated hazards are well defined and can be identified and evaluated at an early stage. The management of a company will marshal all feasible barriers in order to avoid losses.
Computer-Based Human-Machine Interfaces for Emergency Operation
Published in Nuclear Technology, 2018
Maren H. Rø Eitrheim, Håkan Svengren, Alexandra Fernandes
Emergency operating procedures (EOPs) are seen as an important component of the defense-in-depth concept of nuclear operation. The principle of defense in depth is based on the idea that there should be several layers of protection preventing unsafe conditions and the release of radioactive material to the environment. The EOPs are intended to maintain safety functions and prevent core damage, or to initiate mitigating actions, by guiding the operators’ course of action in demanding situations. Most nuclear power plants currently in operation use paper-based EOPs. However, studies concerning the usage of paper-based EOPs (e.g., Refs. 2, 3, and 4) have shown that prescribing activities and acting in accordance with procedures across different situations is not simple. In order to cover a range of conditions, the procedures are extensive and include much material that may not be relevant to the task at hand. This complicates navigation within and between procedures for the operators, who may unintentionally miss important information, skip steps, or perform steps in the wrong order. Furthermore, the administrative processes that ensure procedure adherence, such as place-keeping techniques and correct component verification, may draw attention away from the primary task of safely controlling the plant.