Zach McAfee, QANTAS AIRWAYS LIMITED - Security Management Systems (SeMS): Meeting the Risk in a time of austerity & security fatigue

Zach McAfee, Manager Security Systems & Assurance, QANTAS AIRWAYS LIMITED delivered the presentation at the 2014 Asia Pacific Aviation Security AVSEC conference.

The AVSEC conference brings together government authorities, policy makers and key industry leaders all under one roof at one time, to discuss the most pressing issues, the latest challenges and technology advancement within the aviation industry in the Asia Pacific region.

For more information about the event, please visit: http://www.informa.com.au/avsecconference


Presentation Transcript

  • Security Management Systems: Meeting the Risk in a time of Austerity & Security Fatigue
    Asia Pacific AVSEC – 13 March
    Zach McAfee, Manager Security Systems and Assurance
  • Objectives: SeMS; Drivers; Practice; Output
  • Challenge of Austerity: -$252 Million; 20; $1.4 Billion; 90
  • Structural Limitations
    Group wide security survey:
    o A strong sense that staff want to be involved in developing localised security solutions
    o A sentiment that ‘security’ is something that happens to others
    o Need guidance, mentoring and a sense of ownership
    Diagram labels: GROUP SECURITY & FACILITATION; Qantas; Jetstar; GROUP SECURITY & FACILITATION
  • SeMS: What is it?
    Systematic Approach; All significant risks are identified and controlled; Mature – when a routine function of the business
    Challenge is how to establish a useful one:
    o Immature and untested discipline
    o No single, clear and pervasive definition of SeMS
    o A little like magic, unknowable and unexplainable in advance
  • SeMS: What is it for Qantas?
    Diagram labels: SeMS; Leadership; Process; Assurance; Risk; Training
    A series of related process documents and tools that have been drafted through the lens of an overarching management standard.
    Through a process of system integration, the security activities governed by these documents become imbedded into enterprise wide risk management activities, in effect becoming systematic and ‘business as usual’.
    SeMS : FBI ACSD Forum Aug 2013 – 6
  • Structural Limitations
    Diagram labels: GROUP SECURITY & FACILITATION; Qantas; Jetstar
  • New structure
    Head of Security Qantas Domestic Qantas International Security Team Security Team Security Team Chief Operating Officer Chief Operating Officer CEO Qantas International Qantas Domestic Jetstar Group Security & Facilitation Systems & Assurance - Policy & Regulation - Facilitation & Strategy Business Units
  • Narrow Security Management
    Leadership: Governance : reporting for Group; Stakeholder Management : industrial & operational; Accountability : for the group
    Process: Policy : develop and implement for Group; Strategy : develop & execute for Group; Programs : develop and implement for Group
    Assurance: Develop and undertake compliance assurance program for Group
    Risk: Review and Monitor for Group; Operations : incident management for Group
    Training & Promotion: Develop framework and set the standard for Group
    Group Security & Facilitation Airlines Business Unit
    Reactive Tactical Focus - Compliance Based - Centralised Accountability
  • Broader Security Management
    Leadership: Group Governance Industry Stakeholders Airline Governance : airline committees Operational Stakeholders Department Governance Local stakeholders
    Process: Policy : develop Strategy : develop Programs : oversight Policy : implement Strategy : develop Programs : develop Policy : compliance Programs : compliance Programs : SOPs
    Assurance: Group : Systems Assurance Airline: Assurance Oversight BU compliance BU Systems Assurance Compliance Assurance
    Risk: Group Risks : review & calibrate Airline Risks : review & monitor Incident Management Department Risks : identify & monitor Local Incident Management
    Training & Promotion: Set Framework / Standards Develop in-line with Standards Deliver & Monitor
    Corporate Airline Security Business Unit
    Strategic & Governance Compliance & Implement
    Capability Improvement Action Tracking Capability Improvement Action Tracking
  • SeMS Universe
    SeMS Training & Promotion Process & Activity Leadership & Commitment KPI’s BU conduct own Analysis Position Description Strategy Maintenance Communication Design Accountability Change Management Consultation Assurance Capability Capability Building Risk Management BU report own data : Sub-committees Reporting metrics Assessment & Mitigation Linkage Review Security Performance Findings Programs Security strategy alignment : BU – AST – GS&F AST Security Risk Assessments Risk Escalation through BU’s Risk Calibration Process Risk drives Posture : Assurance/Operation BU Compliance Audit Sec Teams System Audit AST analyse Audits BU Identify/resolve findings BU report to committees AST Review across Airline Core Component Element Activity
  • SeMS Universe: Assurance
    SeMS Assurance Capability Building Core Component Element Reporting metrics Findings & Management Programs Activity BU Compliance Audit Sec Teams System Audit AST analyse Audits BU Identify/resolve findings BU report to committees AST Review across Airline AST Training BU
  • Incident Management
    Diagram labels: INCIDENT; DSC; GROUP SECURITY & FACILITATION; RESOLUTION
    o Business Units have little ownership
    o Limits the ability to pre-empt security risks
    o Weaker reporting culture
  • Incident Management
    Diagram labels: INCIDENT; SELF REPORTED; DORA (BUSINESS UNIT); INVESTIGATION; RESOLUTION; COMMITTEE
    o Security IQ builds
    o Business Units take Responsibility
    o Risks identified in the “pipeline” sooner
    o Reporting culture strengthens
  • SeMS Integration Impact
    [Chart: Security Occurrences - Causal Factor Unknown; vertical axis 0% to 40%; annotations: Commenced Journey, Accelerated decentralisation]
  • Driving Value
    Employees assuming responsibility for localised security outcomes
    Formal accountability established through all levels of management
    Implementation of an effective systems assurance programme
    VALUE
  • Security Culture
  • Delivering Benefits
    Compliance: Strengthening capability : failure minimisation
    Process: Standardised across the business
    Metrics: Consistent; Accurate & timely; Effective benchmarking
    Assurance: Efficient and targeted; Risks appropriately escalated and managed
    Training: Simplified & consistent
  • QUESTIONS ?