
Zach McAfee, QANTAS AIRWAYS LIMITED - Security Management Systems (SeMS): Meeting the Risk in a time of austerity & security fatigue


Zach McAfee, Manager Security Systems & Assurance, QANTAS AIRWAYS LIMITED delivered the presentation at the 2014 Asia Pacific Aviation Security AVSEC conference.

The AVSEC conference brings together government authorities, policy makers and key industry leaders all under one roof at one time, to discuss the most pressing issues, the latest challenges and technology advancement within the aviation industry in the Asia Pacific region.

For more information about the event, please visit: http://www.informa.com.au/avsecconference


  1. Security Management Systems: Meeting the Risk in a time of Austerity & Security Fatigue. Asia Pacific AVSEC – 13 March. Zach McAfee, Manager Security Systems and Assurance
  2. Objectives: SeMS; Drivers; Practice; Output
  3. Challenge of Austerity: -$252 Million; 20; $1.4 Billion; 90
  4. Structural Limitations. Group wide security survey:
     o A strong sense that staff want to be involved in developing localised security solutions
     o A sentiment that ‘security’ is something that happens to others
     o Need guidance, mentoring and a sense of ownership
     Diagram labels: GROUP SECURITY & FACILITATION; Qantas; Jetstar; GROUP SECURITY & FACILITATION
  5. SeMS: What is it? Systematic Approach; All significant risks are identified and controlled; Mature – when a routine function of the business. Challenge is how to establish a useful one:
     o Immature and untested discipline
     o No single, clear and pervasive definition of SeMS
     o A little like magic, unknowable and unexplainable in advance
  6. SeMS: What is it for Qantas? Diagram labels: SeMS; Leadership; Process; Assurance; Risk; Training. A series of related process documents and tools that have been drafted through the lens of an overarching management standard. Through a process of system integration, the security activities governed by these documents become imbedded into enterprise wide risk management activities, in effect becoming systematic and ‘business as usual’. SeMS : FBI ACSD Forum Aug 2013 – 6
  7. Structural Limitations. Diagram labels: GROUP SECURITY & FACILITATION; Qantas; Jetstar
  8. New structure. Organisation chart labels: Head of Security Qantas Domestic Qantas International; Security Team; Security Team; Security Team; Chief Operating Officer; Chief Operating Officer; CEO; Qantas International; Qantas Domestic; Jetstar; Group Security & Facilitation; Systems & Assurance - Policy & Regulation - Facilitation & Strategy; Business Units
  9. Narrow Security Management
     Leadership: Governance: reporting for Group; Stakeholder Management: industrial & operational; Accountability: for the group
     Process: Policy: develop and implement for Group; Strategy: develop & execute for Group; Programs: develop and implement for Group
     Assurance: Develop and undertake compliance assurance program for Group
     Risk: Review and Monitor for Group; Operations: incident management for Group
     Training & Promotion: Develop framework and set the standard for Group
     Diagram labels: Group Security & Facilitation; Airlines; Business Unit
     Reactive Tactical Focus - Compliance Based - Centralised Accountability
  10. Broader Security Management
     Leadership: Group Governance; Industry Stakeholders; Airline Governance: airline committees; Operational Stakeholders; Department Governance; Local stakeholders
     Process: Policy: develop; Strategy: develop; Programs: oversight; Policy: implement; Strategy: develop; Programs: develop; Policy: compliance; Programs: compliance; Programs: SOPs
     Assurance: Group: Systems Assurance; Airline: Assurance Oversight BU compliance; BU Systems Assurance; Compliance Assurance
     Risk: Group Risks: review & calibrate; Airline Risks: review & monitor; Incident Management; Department Risks: identify & monitor; Local Incident Management
     Training & Promotion: Set Framework / Standards; Develop in-line with Standards; Deliver & Monitor
     Diagram labels: Corporate; Airline Security; Business Unit; Strategic & Governance; Compliance & Implement; Capability Improvement; Action Tracking; Capability Improvement; Action Tracking
  11. SeMS Universe. Diagram labels: SeMS; Training & Promotion; Process & Activity; Leadership & Commitment; KPI’s; BU conduct own Analysis; Position Description; Strategy; Maintenance; Communication; Design; Accountability; Change Management; Consultation; Assurance; Capability; Capability Building; Risk Management; BU report own data: Sub-committees; Reporting metrics; Assessment & Mitigation; Linkage; Review; Security Performance; Findings; Programs; Security strategy alignment: BU – AST – GS&F; AST Security Risk Assessments; Risk Escalation through BU’s; Risk Calibration Process; Risk drives Posture: Assurance/Operation; BU Compliance Audit; Sec Teams System Audit; AST analyse Audits; BU Identify/resolve findings; BU report to committees; AST Review across Airline; Core Component; Element; Activity
  12. SeMS Universe: Assurance. Diagram labels: SeMS Assurance; Capability Building; Core Component; Element; Reporting metrics; Findings & Management; Programs; Activity; BU Compliance Audit; Sec Teams System Audit; AST analyse Audits; BU Identify/resolve findings; BU report to committees; AST Review across Airline; AST Training BU
  13. Incident Management. Diagram labels: INCIDENT; DSC; GROUP SECURITY & FACILITATION; RESOLUTION
     o Business Units have little ownership
     o Limits the ability to pre-empt security risks
     o Weaker reporting culture
  14. Incident Management. Diagram labels: INCIDENT; SELF REPORTED; DORA (BUSINESS UNIT); INVESTIGATION; RESOLUTION; COMMITTEE
     o Security IQ builds
     o Business Units takes Responsibility
     o Risks identified in the “pipeline” sooner
     o Reporting culture strengthens
  15. SeMS Integration Impact. [Chart: Security Occurrences - Causal Factor Unknown; axis ticks 40%, 20%, 0%; date axis labels Jan-00 to Mar-00; annotations: Commenced Journey, Accelerated decentralisation]
  16. Driving Value: Employees assuming responsibility for localised security outcomes; Formal accountability established through all levels of management; Implementation of an effective systems assurance programme; VALUE
  17. Security Culture
  18. Delivering Benefits
     Compliance
     • Strengthening capability: failure minimisation
     Process
     • Standardised across the business
     Metrics
     • Consistent
     • Accurate & timely
     • Effective benchmarking
     Assurance
     • Efficient and targeted
     • Risks appropriately escalated and managed
     Training
     • Simplified & consistent
  19. QUESTIONS?
