Printer Friendly

Teaching the Ishikawa's "fishbone" as a planning tool: responsibility and action planning matrices applied to airport security and network security.

INTRODUCTION

Security at major international airports (USA, UK, Germany, France, Japan, India, and Singapore etc) has embarked upon installation and testing of new security methods especially after 9/11 terrorist attacks on USA. Some of the examples of the new security methods include: new baggage-screening machines, controlling, controlling departure terminal entry and doubling federal security personnel in dozens of airports. The high-tech baggage screeners with advanced X-ray capabilities cost up to $1 million each. Additionally, the expense of airport security personnel is being increased as airport security personnel are being added to the federal employment rolls. The U.S. Congress believes airport security personnel will be better trained and supervised as a federal force. There have been many arguments over whether such increased security equipment or the presence of a federal airport security operation would have precluded or had any effect on the events of September 11. While that debate continues, it does offer the opportunity to apply a well-known Planning/Operations Management technique to assessing the problem by using a reverse-evaluation/ engineering approach.

LITERATURE REVIEW

The reverse engineering application of fishbone analysis (FA) to solve product-related problems and develop end-of-life product strategies is supported by several studies (Barr, Schmidt, Krueger & Twu, 2000; Ishii & Lee, 1996; Lee, Rhee, & Ishii, 1997; Otto & Wood, 1996; Rose & Ishii, 1999). The fishbone diagram has also been utilized to evaluate health care services; first, in a hospital setting to assess and reduce delays in the treatment of patients receiving coronary thrombolytic therapy (Bonetti, 2000) and to identify improvement strategies and training needs for physicians, nurses and other caregivers (Cohen, 2002). The cause and effect value of FA is demonstrated in studies conducted by Yu (1998) and Constantinides (1999) to identify root causes for software coding faults, and to categorize different causes of software communication failure. Finally, the effectiveness of FA used as a planning tool to improve quality processes and increase revenues is demonstrated by Lore (1998), Geerts & McCarthy (2000), Wilcox & Discenza (1994), and Clark (2000).

In the present paper we propose to provide two examples of application of fishbone diagram to (i) Airport security, and (ii) Network security.

THE APPLICATION OF FISHBONE DIAGRAM TO AIRPORT SECURITY

The application of a Fishbone (Ishikawa, 1996) diagram to the problem of "how a passenger can board a plane with a weapon" reveals six potential categories of possible causes (Figure 1).These are Method, People, Equipment, Material, Environment, and Measurement. A Responsibility Matrix (2) is then constructed to identify who has ownership of the causes and what action should be taken (Table 1).

[FIGURE 1 OMITTED]

Next, an Action Planning Matrix (Table 2) begins with the actions to be taken as identified by the Responsibility Matrix, and further identifies needed resources to support actions, and an expected time frame for results. Each category is presented and discussed in the following.

RESPONSIBILITY AND ACTION PLANNING MATRICES

Method

The Method Category of the Fishbone diagram represents the methods of enforcing security at the airport that could be the possible causes of security breaches. The four possible causes for the passenger boarding the plane with a weapon are Electronic Search Techniques, Ineffective Sampling Methods, Baggage viewing, and Physical Search.

Electronic Search Techniques

Electronic Search Techniques may be ineffective if the equipment is poorly designed or incapable of detecting all possible type of weapons. To ensure efficiency, the equipment should be maintained and calibrated at regular time intervals. This same reasoning applies to all checked baggage. This is the responsibility of the Maintenance Supervisor who has a direct control over the cause. The action to be taken is to maintain and calibrate equipment at regular time intervals. As indicated on the Action Planning Matrix, maintenance training is provided by manufacturer; however, additional human resources will need to be hired to administer the revised maintenance schedule, and this action should be accomplished within 60 days.

Ineffective Sampling Methods

Another cause of security breach is the ineffective sampling techniques. Oftentimes, security personnel subject the passengers to check at random and this may result in allowing the potentially threatening passengers unchecked. The action need to be taken is have effective sampling methods.

Baggage Viewing

Screeners should do Baggage Viewing of carry-on luggage attentively. Laxness or in-attention by the screeners will allow objects to go undetected.

Physical Searches

Performing Physical Searches when needed (as indicated by behavior, prior information, metal detector alarm etc.), on the passengers could be a potential cause because there is a chance that it is not being done properly or completely. Improper physical checking may allow a passenger to board the plane with a weapon. The correcting of Ineffective Sampling Methods, Baggage Viewing, and Physical Searches are all the responsibility of the Head of Airport Security who have a direct control over these things. The action to be taken should be to ensure effective sampling methods and adequate sample size (and possibly check every passenger by taking extra time and effort), frequently rotate baggage viewing personnel to reduce boredom and drudgery, and ensure accurate physical searches through proper training of employees in observational and search procedures and efficient execution in searching all or designated passengers.

According to the Action Planning Matrix, the resources needed to accomplish the recommended actions include software for computerized random sampling methods and scheduling for employee rotations, and additional training in observational techniques for Baggage Viewing, as well as simulation training for physical searches. Additional resources will also be required to provide competency evaluations subsequent to training. The actions necessary to prevent Ineffective Sampling Methods, and accomplish effective Baggage Viewing and Physical Searches should be accomplished within a 30-day timeframe.

People

This category includes the people having any involvement in basic airport operations or using airport services. Four groups (see Figure 1) shown on the diagram could be as the possible causes for a security failure. These are Passengers in the check-in and boarding areas, Airport Security Personnel, Airport Employees (non-security, shop and restaurant employees), and the Flight Crew (ticket agents, cabin and flight deck). They are listed on the responsibility matrix as having some control over the passenger boarding the plane with a weapon. The passenger with the weapon is considered as part of the problem and not a cause.

Passengers are a possible cause as they have the responsibility of cooperating with all of the security procedures established and implemented for their safety. They could aid in the effectiveness of security if they report strange behavior immediately. The passengers' cooperation is considered as part of the responsibility of the Airport Management and they have some of control. The action to be taken is to let the passengers know how the security procedures affect their safety, the processes and mechanisms available for providing input and what items are prohibited as carry on. This would help them to be more cooperative and attentive to what is going on in their surroundings. This task can be accomplished within two weeks, using minimal resources to create signs and make public address announcements effective.

Members of Airport Security Personnel are the most important cause because they have the responsibility of being alert to a security breach and available to immediately respond to such occurrences. They should be trained properly upon hiring to act upon any violation of airport security protocol. The Head of Security has the responsibility for this cause and has direct control. Head and Security personnel must make sure that each security guard is properly trained and well-supervised. The action that must be taken is physically monitoring security personnel by having someone walking around observing procedures. The availability of cameras to monitor real time activities also provides for immediate corrective action. This action can be accomplished within one week using resources already in place.

General Airport Employees are another possible cause as identified in the diagram. Airport employees should be looking for unusual or suspicious behavior and trained in response procedures. To eliminate the employees entering aircraft with a weapon (or any act like that) pre-employment checks must be performed. Human Resources for the airport and individual airlines have responsibility for this cause and they have direct control. The action to be taken is an upgrade of hiring procedures to assure only qualified individuals are selected. This action can be accomplished with two weeks by engaging professional

services to perform pre-employment background checks. This will require additional budgetary funding to cover the cost of these contractual services.

The Flight Crew has the responsibility of being attentive and aware of what is happening on the actual airplane during boarding and flight. This is the responsibility of Airline Management and they have direct control over the cause. The action to be taken is to properly train flight attendants and pilots in observational techniques, response procedures and encourage alertness. This action can be accomplished within 30 days by utilizing simulation-training professionals who are already employed by the airline.

Equipment

The Equipment category lists some of the basic equipment used at checkpoints to detect objects on passengers. The possible causes in this category of a passenger passing a checkpoint and boarding a plane with a weapon are as follows: X-Ray Machines, Magnetic Wands, Video Cameras, and Metal Detectors. These types of equipment could be possible causes of the problem if they are not used properly or if they are not used to their full potential. Equipment may also be out-dated and/or out of calibration, which could cause major problems in how it performs. These issues are the responsibility of the Head of Airport Security who has a direct control over the cause. The action to be taken is to provide better training for employees in equipment use and video surveillance to pay more attention to details. The equipment should also be checked in a set protocol for maintenance and calibration, and the checkpoints should be re-designed for maximum efficiency. This will require increased budgetary resources to purchase up-to-date equipment and tools, and to hire additional human resources for re-designed checkpoints. With the proper resources, this could be accomplished within 90 days.

Material

The Material category includes the items which constitute a hidden weapon (metal, ceramic, plastic etc.). This includes items On the Passenger, items in Carry-On Baggage, or items that may be brought aboard by Service Personnel.

Passengers could easily hide things in their bags that they are not allowed to carry on themselves. The Carry-On Baggage can be potential cause if it is not searched properly. Each bag should be of proper size and weight as per what is allowed. The materials named here are all the responsibility of Security and they have a direct control over the cause. The actions to be taken include a physical search of virtually all passengers using wands, metal detectors, and other search techniques. Carry on Baggage must be physically checked for banned items. Size and weight limits for carry-on baggage must be posted and strictly enforced. Physically searching every passenger will require additional human resources and re-designed security checkpoints. Size and weight limits for carry-on baggage can be communicated to passengers via signs at the airport, as well as through TV and radio airtime, and the use of printed media to inform the public. With these resources in place, we can expect the accomplishment of these recommended actions within 60 days.

Service Personnel could also transport banned items hidden within their clothing, or in their equipment. The actions of Service Personnel fall under the supervision of Airport Management, and they have a direct control over the cause. The actions to be taken include requiring security clearance and a background check for all service personnel, as well as training service personnel to observe unusual peer behavior. Just as for the afore-mentioned airline employees, Airport Management can accomplish the recommended actions by engaging professional services to perform pre-employment background checks. They should also utilize simulation training for observational techniques. This may require hiring instructors, or establishing a cooperative agreement with the Airlines to utilize their instructors. With the proper resources in place, these recommended actions should be accomplished within 30 days.

Environment

The Environment Category identifies causes related to the environment at the airport that can cause a passenger to board a plane with a weapon. This category identifies such factors as the Fast Pace of travel, Over-crowding, Time Limits to catch a flight, and the Impatience exhibited by the Passengers and others identified in the people category.

The airport being so Fast-Paced can cause the security process to be rushed. This would cause items on the passenger to not be detected. This cause is the responsibility of the Head of Airport Security and he has a direct control over the cause. The Head of Airport Security should enforce taking necessary time to do the job right regardless of complaints from waiting passengers. Over-crowding can cause a problem as it would become easier for someone to slip by without being searched completely. This is the responsibility of the Airport Management and they have a direct control over the cause. The action to be taken would be to have a sufficient number of properly trained personnel to meet the queue generated by flight schedules. This would help expedite the security check in process, reducing impatience and frustrations without sacrificing accuracy.

Time Limits are a cause because the airport is overcrowded, lines tend to be long and passengers are rushed. This leads to the fourth cause which is Passenger Impatience. Security feels pressure to release passengers without fully checking them because they are in a rush to get to their plane. All of these are the responsibility of the Airport Management and they have a direct control because they should enforce safety first. The actions to be taken include hiring adequate human resources to efficiently process passengers through security, thereby reducing passenger impatience while keeping public safety paramount. The actions necessary are to manage the Fast Pace of travel, reduce Over-crowding and Passenger Impatience, and work within Time Limits could be accomplished with additional human resources and a public education program to inform passengers that it is necessary to allow at least one hour to check in for a flight. With these resources in place, the recommended actions can be accomplished within 60 days.

Measurement

The last category is Measurement. This category deals with measures of the effectiveness of Security. This includes Percentage of Safe Flights, Prohibited Items Detected, Number of People Apprehended, Equipment Calibration, and Training/Experience of Security.

The Percentage of Safe Flights, Prohibited Items Detected, and Number of People Apprehended can measure the effectiveness of Security. These are the responsibility of Airport Security who has some control over the Percentage of Safe Flights, a direct control over the Prohibited Items Detected, and Number of People Apprehended. The action to be taken is improving the security process, and reporting and reviewing the Percentage of Safe Flights, Prohibited Items Detected and the Number of People Apprehended. Airport Security should use Continuous Improvement (Daft, 2006) methods to monitor and improve security processes, frequency of incidents, and training of security personnel. There are no additional resources required to accomplish these actions. Administrative resources are already in place, and these tasks should be accomplished within 30 days.

Equipment Calibration is a very important cause. The equipment should be tested periodically to assure it is working properly. Equipment that is not working properly could allow a passenger to get through security with an undetected weapon or to be unnecessarily detained. This cause is the responsibility of the Security and they have a direct control over the cause. They should improve the equipment by doing maintenance checks at regular intervals and acquiring more up-to-date equipment. These recommended actions will require additional human and financial resources to purchase up-to-date equipment. These actions can be accomplished within 60 days of obtaining the required resources.

The last cause, Training/Experience of Security, deals with how well security personnel have been trained. This is the responsibility of the Head of Airport Security and he has a direct control over the cause. This is a control function and the action to be taken is to monitor and evaluate training results, redesign training programs and retrain on a continuing basis. The administrative resourced needed for these actions are already in place, and results should be available within 30 days.

THE APPLICATION OF FISHBONE DIAGRAM TO NETWORK SECURITY

Computer network has become an integral part of the business and hence keeping the network running all the time is crucial to the existence of the business. We live in a world that relies increasingly on its communications infrastructure. Network availability problems affect customers and their businesses, and can damage trust in the resilience of the network. As such, ensuring that networks are robust, reliable and resistant to external attack is a key part of network design (Harman et al. 2006). Some of the examples of network technologies used by the businesses are electronic data interchange (EDI), web-based applications (Liu & Mackie, 2006), LANs, WANs etc. EDI usage is expected to increase in the immediate future and its high growth in a potentially paperless environment presents a variety of security risks, such as disclosure of messages, tampering with messages, etc. (Bannerjee & Golhar, 1995). Dow chemicals is one of the many companies which uses web-based applications. Dow uses state-of-the-art IT security system and addressed this issue by implementing a high standard Cyber security system for its e-business based on the Chemical Sector Cyber Security Program. (Chen et al, 2006). The use of Internet technologies has substantially increased the vulnerability of information systems. One of the fastest growing threats on the Internet is the theft of sensitive financial data. Failure to include basic information security unwittingly creates significant business and professional risks (Beard & Wen, 2007). One of the security issues in the use of network involves information passing over the network. Information security encompasses technology, processes, and people. Technical measures such as passwords, biometrics, and firewalls alone are not sufficient in mitigating threats to information. A combination of measures is required to secure systems and protect information against harm (Veiga & Eloff, 2007). The harm could also be caused by generating a virus. A computer virus is a software code that can multiply and propagate itself. A virus can spread into another computer via e-mail, downloading files from the Internet, or opening a contaminated file. It is almost impossible to completely protect a network computer from virus attacks; the CSI/FBI survey indicated that virus attacks were the most widespread attack for six straight years since 2000 (Lin, 2006). Information security is a responsibility of every individual working in various functional areas of an organization. In order to secure information it is important for an organization to have an integrated security approach that engages multiple functional levels in an organization from the Board and management to IT staff and individual users (Higgins, 1999).

In order to minimize the risk of network failure and to secure it from being "attacked" by any means to disrupt the business the organizations should have a formal plan of managing and securing network. Fishbone diagram technique can help understand and manage the network. It also further helps in identifying the causes of the network failure and provides an early plan. Proactive measures can help protect the network. Figure 2 (Fishbone diagram) shows the causes of possible failure of the network. Using this diagram business manager can proactively plan to prevent failure of network. Action planning matrix and responsibility matrix are presented in Tables 3 and 4 respectively.

[FIGURE 2 OMITTED]

CONCLUSION

As a teaching exercise, the creation of the Fishbone diagram is very helpful in planning for the prevention of problems. It allows the student to look at the possible problem and then brainstorm all possible causes for that problem. While the Fishbone Analysis is very useful, the addition of a Responsibility Matrix adds strength to the process by identifying the degrees of control and responsibilities parties to the problem have and recommended actions to be taken. An Action Planning Matrix then allows planning for needed resources to prevent the problem or its recurrence by identifying the resources needed as well as a time frame for expected results. The Fishbone Analysis, Responsibility Matrix and Action Planning Matrix show the interdependencies among the players and identify the processes necessary to prevent potential problems.

REFERENCES

Bannerjee, S. & Golhar, G.Y.(1995). Security issues in the EDI environment, Information Management and Computer Security, 3(2): 27-33

Barr, R.E., Schmidt, P.S., Krueger, T.J., & Twu, Chu-Yu. (2000). An Introduction to Engineering Through an Integrated Reverse Engineering and Design Graphics Project, Working paper, ME Depart., University of Texas at Austin.

Beard, D, & Joseph H. Wen, J.W. ( 2007), Reducing the Threat Levels for Accounting Information Systems, The CPA Journal. 77 (5): 34-41

Bonetti, P.O., Wackerlin A., Schuepper, G., & Frutiger, A.(2000). Improving Time-Sensitive Processes in the Intensive Care Unit: The Example of "Door-to-Needle Tim in Acute Myocardial Infarction, International Journal for Quality in Health Care, 12 ( 4):311-317.

Chen, J.C.H., Chiniwar, S., Lin, B., & Chen, P. (2006). Security in e-business and beyond: a case study reflecting current situations and future trends, International Journal of Mobile Communications, 4(1):17-33

Clark, T. J.(2000). Getting the Most From Cause and Effect Diagrams, Quality Progress, 33(6): 152.

Cohen, L.(2002).Current Issues in Agitation Management, Advanced Studies in Medicine, 2(9): 332-337.

Constantinides, P. C., & Rudnicky, A. I. (1999). Dialog Analysis in the Carnegie Mellon Communicator, Working paper, School of Computer Science, Carnegie-Mellon University.

Daft R.L., & Marcic, D. (2006). Understanding Management. Thompson South-Western, Mason, OH.

Geerts, G. L., McCarthy, W. E. (1999). The Ontological Foundation of REA Enterprise Information Systems", Working paper, Department of Accounting, University of Delaware

Harman, B., Burness, L., Corliano, G., & Murgu, A. (2006). Securing network availability. BT Technology Journal. 24(2): 65-71.

Higgins, H. N. (1999). Corporate system security: towards an integrated management approach, Information Management and Computer Security, 7(5): 217-222.

Ishii, K., & Lee, B.(1996). Reverse Fishbone Diagram: A Tool in Aid of Design for Product Retirement, Proceedings, ASME Design Technical Conference, Paper # 96-DETC/DFM-1272.

Ishikawa K. (1976).Guide to Quality Control, Asian productivity Organization, Nordica International Ltd. Hong Kong.

Lee, B. Rhee, S., & Ishii, K. (1997) Robust Design for Recyclability Using De-Manufacturing Complexity Metrics, Proceedings of ASME Design Engineering Technical & Computers in Engineering Conference, 1-8.

Lin, P. P. (2006). System Security Threats and Controls, The CPA Journal. 76(7): 58-65.

Liu, C., & Mackie., B.G. (2006). Teaching Security Techniques in an E-Commerce Course, Journal of Information Systems Education. 17(1): 5-10

Lore, J. (1998). A New Slant on Fishbones. Quality Progress, 31(9): 128

Otto, K. N., & Wood, K. L. (1996). A Reverse Engineering and Re-Design Methodology for Product Evolution, Proceedings of ASME Design Theory and Methodology Conference, 1-10.

Rose, C., & Ishii, K. (1999). Product End-of-Life Strategy Categorization Design Tool, Journal of Electronics Manufacturing, 9(1): 41-51.

Russell, R., & Taylor, B. (2006) Operations Management, Quality and Competitiveness in a Global Environment, Wiley.

Stevenson, W.J. (2005). Operations Management. McGraw-Hill, Burr Ridge Parkway, IL.

Veiga, A D., & Eloff, J.H.P. (2007) An Information Security Governance Framework, Information Systems Management. 24 (4): 361-372

Wilcox, K., & Discenza, R.(1994). Auditing: The TQM Advantage, CA Magazine, 37-41.

Yu, W. (1998). A Software Fault Prevention Approach in Coding and Root Cause Analysis, Bell Labs Technical Journal, 3-31.

Satyanarayana Parayitam, University of Massachusetts Dartmouth

Kiran Desai, McNeese State University

Mayur S. Desai, Texas Southern University

Mary K Eason, McNeese State University
Table 1. Responsibility Matrix

Airport Security

CAUSE DESCRIPTION RESPONSIBILITY

METHOD

Electronic Search Is technology up-to- Maintenance
Techniques date/working properly Supervisor

Ineffective Is it random/adequate Head of Security
Sampling Methods sample size?

Baggage Bags being viewed Head of Security
Viewing attentively

Physical Search Performed properly and Head of Security
 completely

PEOPLE

Passengers Cooperative/Notice Airport Management
 Strange Behavior

Airport Security Properly trained/Alert, Head of Airport
Personnel well-supervised Security

Airport Employees Looking for unusual or Human Resources
 suspicious activity

Flight Crew Be attentive and aware Airline Management
 during boarding and
 flight

EQUIPMENT

X-ray machines Used properly to fullest Head of Security
 potential, up-to-date
 maintenance

Magnetic Wands Used properly to fullest Head of Security
 potential, up-to-date
 maintenance

Video Cameras Used properly to fullest Head of Security
 potential, up-to-date
 maintenance

Metal detectors Used properly/ Head of Security
 calibrated

MATERIAL

Items on Passenger Passengers can easily Head of Security
 hide prohibited items if
 not properly searched

In Carry-on Proper size/checked Head of Security
Baggage thoroughly

On Service Banned items could be Airport Management
Personnel hidden in clothing or
 equipment

ENVIRONMENT

Fast-Pace Security Process rushed Head of Airport
 Security

Over-Crowding Too many passengers at Airport Management
 the same time

Time Limits Pressure to release Airport Management
 passenger

Passenger Passengers get angry Airport Management
Impatience /unruly

MEASUREMENT

% of safe flights # of flights without Airport Security
 incident

Prohibited Items Number of objects Airport Security
Detected detected

# People Number of passengers Airport Security
Apprehended apprehended for
 prohibited items

Equipment Is equipment calibrated Airport Security
Calibration as recommended by the
 manufacturer

Training/ Proper and effective Head of Airport
Experience training methodology Security
of Security

CAUSE DEGREE ACTION TO BE TAKEN
 OF
 CONTROL

METHOD

Electronic Search Direct Maintain and calibrate equipment at
Techniques regular time intervals

Ineffective Direct Efficiently search all or designated
Sampling Methods passengers

Baggage Direct Proper training of employees,
Viewing frequent rotation of employees

Physical Search Direct Proper training of employees in
 search techniques

PEOPLE

Passengers Some Encourage cooperation by Informing
 passengers it is for their safety,
 explain processes for reporting
 strange behavior

Airport Security Direct Monitor security personnel by camera
Personnel and supervisory observation

Airport Employees Direct Upgrade hiring practices, Hiring
 highly qualified employees

Flight Crew Direct Properly train flight crew in
 observational techniques and
 response procedures

EQUIPMENT

X-ray machines Direct Proper training in use of equipment
 for employees, emphasis on detail,
 equipment properly maintained and
 calibrated, re-design checkpoints for
 maximum efficiency

Magnetic Wands Direct Proper training in use of equipment
 for employees, emphasis on detail,
 equipment properly maintained and
 calibrated, re-design checkpoints for
 maximum efficiency

Video Cameras Direct Proper training in video surveillance
 for employees, emphasis on detail,
 equipment properly maintained and
 calibrated, re-design checkpoints for
 maximum efficiency

Metal detectors Direct Proper training in use of equipment
 for employees, emphasis on detail,
 equipment properly maintained and
 calibrated, re-design checkpoints for
 maximum efficiency

MATERIAL

Items on Passenger Direct Physical search of passengers using
 wands, metal detectors, and other
 search

In Carry-on Direct Look for banned items, Post size and
Baggage weight limits and strictly enforce

On Service Direct Require security clearance and
Personnel background check for all service
 personnel; train service personnel to
 observe unusual peer behavior

ENVIRONMENT

Fast-Pace Direct Take time to do job correctly

Over-Crowding Direct Hire additional human resources

Time Limits Direct Public safety paramount

Passenger Some Keep passenger pacified
Impatience

MEASUREMENT

% of safe flights Some Use Continuous Quality Improvement
 methods to monitor security
 processes and training of security
 personnel

Prohibited Items Direct Use Continuous Quality Improvement
Detected methods to monitor security
 processes and training of security
 personnel

# People Direct Inform public regarding prohibited
Apprehended objects and acceptable airport
 behavior. Enforce strict sanctions for
 violators.

Equipment Direct Improve/add maintenance checks.
Calibration Acquire more up-to-date equipment.

Training/ Direct Evaluate training results. Take
Experience corrective action when necessary.
of Security Monitor performance of security
 personnel.

Table 2: Action Planning Matrix

Airport Security

ACTION TO BE TAKEN WHO WHEN

METHOD

Maintain and calibrate equipment Maintenance 60 days
at regular time intervals Supervisor

Efficiently search all or Head of security 30 days
designated passengers

Proper training of employees, Head of security 30 days
frequent rotation of employees

Proper training of employees Head of security 30 days
in search techniques

PEOPLE

Encourage cooperation by Informing Airport Management 2 weeks
passengers it is for their safety,
explain processes for reporting
strange behavior

Monitor security personnel by Head of security 1 week
camera and supervisory observation

Upgrade hiring practices, Hiring Human Resources 2 weeks
highly qualified employees

Properly train flight crew in Airline Management 30 days
observational techniques and
response procedures

EQUIPMENT

Proper training in equipment use Head of security 90 days
and video surveillance for
employees, emphasis on detail,
equipment properly maintained and
calibrated, re-design checkpoints
for maximum efficiency

MATERIALS

Physical search of passengers Head of Security 60 days
using wands, metal detectors,
and other search

Look for banned items; Post size Head of Security 60 days
and weight limits and strictly
enforce

Require security clearance and Airport Management 60 days
background check for all service
personnel; train service personnel
to observe unusual peer behavior

Inform public of restrictions on Airport management 60 days
carry-on items

ENVIRONMENT

Hire more personnel to control Airport management 60 days
over-crowdedness

Enforce complete security searches Head of security 60 days
regardless of rush

Keep public safety paramount Airport Management 60 days

MEASUREMENT

Make report of safe flights, Head of Security 30 days
prohibited items detected, and #
of apprehended passengers. Use CQI
methods to monitor incidents and
improve procedures.

Improve/ add maintenance checks. Head of Security 60 days
Acquire more up-to-date equipment.

Evaluate training results. Take Head of Security 30 days
corrective action when necessary.
Monitor performance of security
personnel.

ACTION TO BE TAKEN RESOURCES

METHOD

Maintain and calibrate equipment Training provided by manufacturer;
at regular time intervals additional human resources to
 facilitate maintenance schedule

Efficiently search all or Computerized random sampling
designated passengers methods, training in observational
 techniques

Proper training of employees, Competency evaluation,
frequent rotation of employees Computerized scheduling for
 rotations

Proper training of employees Simulation training instructors
in search techniques

PEOPLE

Encourage cooperation by Informing Signs, Public Address
passengers it is for their safety, Announcements
explain processes for reporting
strange behavior

Monitor security personnel by Resources already in place
camera and supervisory observation

Upgrade hiring practices, Hiring Budget resources needed to engage
highly qualified employees professional services to perform
 pre-employment background checks

Properly train flight crew in Utilize simulation training
observational techniques and professionals currently on staff
response procedures

EQUIPMENT

Proper training in equipment use Increase budget to purchase
and video surveillance for additional equipment and tools,
employees, emphasis on detail, and to hire additional human
equipment properly maintained and resources.
calibrated, re-design checkpoints
for maximum efficiency

MATERIALS

Physical search of passengers Increased human resources;
using wands, metal detectors, re-design check points for
and other search efficiency

Look for banned items; Post size Signs, TV and Radio airtime,
and weight limits and strictly print media to inform public
enforce

Require security clearance and Engage professional services to
background check for all service perform background check. Utilize
personnel; train service personnel simulation training for
to observe unusual peer behavior observational techniques. Hire
 instructors or utilize airline
 instructors.

Inform public of restrictions on TV & radio airtime, print media
carry-on items

ENVIRONMENT

Hire more personnel to control Human resources
over-crowdedness

Enforce complete security searches Training/ supervision, educate
regardless of rush passenger to come early, say at
 least 1 hour before flight
 departure time.

Keep public safety paramount Resources necessary to utilize
 media to manage expectations of
 passengers and educate them
 regarding security procedures

MEASUREMENT

Make report of safe flights, Administrative resources already
prohibited items detected, and # in place
of apprehended passengers. Use CQI
methods to monitor incidents and
improve procedures.

Improve/ add maintenance checks. Additional human and financial
Acquire more up-to-date equipment. resources

Evaluate training results. Take Administrative resources already
corrective action when necessary. in place
Monitor performance of security
personnel.

Table 3: Responsibility Matrix

Network Security

CAUSE DESCRIPTION RESPONSIBILITY DEGREE
 OF
 CONTROL

METHOD

Firewalls Gateway to information IT Security Some
 resources Supervisor

Isolation of Physical Separation IT Security Direct
Critical of the components on Supervisor
Components networks
on Network

PEOPLE

Internal Cooperative/Notice Supervisor/ Some
End Users Strange Behavior Management

External Cooperative/Notice Supervisor/ Some
End Users Strange Behavior Management

IT Properly trained/ Head of IT Direct
Professionals Ethical Security

EQUIPMENT

Monitoring Monitor Network IT Network Staff Direct
Equipment Activity

Test Equipment Regularly test network IT Network Staff Direct
 hardware & software

Maintenance Used properly to IT Network Staff Direct
Equipment fullest potential,
 up-to-date maintenance

MATERIAL

Hardware Computer hardware and IT Network Direct
 peripherals on the Manager
 network

Software Application, System, IT Network Direct
 and Network software Manager

ENVIRONMENT

Centralized Computing is IT Network Direct
 controlled centrally Manager

Decentralized Computing is IT Network Direct
 controlled at Manager
 several places

Distributed Processing is IT Network Direct
 distributed Manager
 across the network

MEASUREMENT

# of Intrusions # of unauthorized IT Security Some
 access to network Manager

Performance & Measure the network IT Administrator Direct
Tuning (Hardware) hardware performance

Performance & Measure the network IT Administrator Direct
Tuning (Software) software performance

CAUSE ACTION TO BE TAKEN

METHOD

Firewalls Identify resources which need to
 be protected

Isolation of Identify the components on
Critical networks that need to be
Components separated
on Network

PEOPLE

Internal Encourage end users to follow
End Users company policy regarding using
 computing resources on network

External Encourage external end users to
End Users follow company policy
 regarding using computing
 resources on network

IT Provide training regarding
Professionals information protection, Hire
 qualified IT professionals, check
 their background

EQUIPMENT

Monitoring Monitoring plan--list what to
Equipment monitor and how often

Test Equipment Develop routing test plan

Maintenance Develop and follow Network
Equipment Maintenance Plan

MATERIAL

Hardware Make sure all the computing
 hardware on the network are
 properly working and are
 secured

Software Make sure all the software
 installation is functional and
 secured

ENVIRONMENT

Centralized All the software and storage is
 controlled centrally

Decentralized Coordinate activities at different
 nodes in decentralized
 environment

Distributed Data processing and
 management is distributed
 making it secured is more
 critical

MEASUREMENT

# of Intrusions Track unauthorized access to
 network

Performance & Monitor and measure the access
Tuning (Hardware) rates, data processing efficiency
 and make continuous
 adjustments

Performance & Monitor and measure the access
Tuning (Software) rates, data
 processing efficiency
 and make continuous
 adjustments

Table 4: Action Planning Matrix Network Security

ACTION TO BE TAKEN WHO WHEN

METHOD

Setup the proper firewalls to DBA-In my As needed
secure the sensitive information opnion should
from intruders be network
 administrator

Identify the network that needs Network As needed
to be isolated from the internet Administrator
or other networks--and make sure
that it is physically separate
from rest of the network

PEOPLE

Educate internal end users about Management 6 months to
importance of securing resources 1 year
connected to the network

Educate external end users about Management 6 months to
importance of securing resources 1 year
connected to the network

IT Professionals should be IT Manager Periodically
regularly trained in what as needed
resources are critical and
needs to be secured on the
network

EQUIPMENT

Monitoring equipment need to IT Manager 30 days or
be regularly tested for its as needed
functionality and additional
monitoring equipment need
should be assessed

Test equipment need to be IT Manager 30 days or
regularly tested for its as needed
functionality and additional
test equipment need should be
assessed

Maintenance equipment need to IT Manager 30 days or
be regularly tested for its as needed
functionality and additional
maintenance equipment need
should be assessed

MATERIALS

Keep track of all hardware and IT Manager 6 months
make sure they are well secured
and in warranty

Keep track of all application DBA--IT Daily
and system software and make Manager in my
sure they are working as per opinion
specifications

ENVIRONMENT

Centralized environment DBA-My Daily
generally has a mainframe or Opinion should
a large computer that has all be Centralized
software and other components environment
on the network are simple Administrator
terminals

Identify various servers Data Weekly
(database, application etc.) Administrator
and sort out the information (DA)
distribution to specify
different levels of control
and accessibility. The servers
are not connected via networks
but each server has several
clients (independent networks
of client/server)

In distributed environment the Data Weekly
control is critical since all Administrator
the servers are connected via (DA)
network and determining who has
what level of access is
important

MEASUREMENT

Keep a log of the access to DA Daily
servers by individuals so that
any illegal access could be
identified

Continuously measure the DA Daily
performance of the servers and
clients--amount of data
processed, number accesses,
reason for accesses etc.

Continuously measure the DA Daily
performance of the Applications
on servers and clients--amount
of data processed, number
accesses, reason for accesses
etc.

ACTION TO BE TAKEN RESOURCES

METHOD

Setup the proper firewalls to DBAs should be trained to
secure the sensitive information identify proper places where
from intruders firewalls are needed

Identify the network that needs Provide training and proficiency
to be isolated from the internet to network administrators
or other networks--and make sure
that it is physically separate
from rest of the network

PEOPLE

Educate internal end users about Track internal end users and
importance of securing resources provide training and sense of
connected to the network awareness

Educate external end users about Track external end users and
importance of securing resources provide training and sense of
connected to the network awareness

IT Professionals should be Well-defined training programs
regularly trained in what for IT Professionals
resources are critical and
needs to be secured on the
network

EQUIPMENT

Monitoring equipment need to Increase budget to purchase
be regularly tested for its additional equipment and tools,
functionality and additional and to hire additional human
monitoring equipment need resources.
should be assessed

Test equipment need to be Increase budget to purchase
regularly tested for its additional equipment and tools,
functionality and additional and to hire additional human
test equipment need should be resources.
assessed

Maintenance equipment need to Increase budget to purchase
be regularly tested for its additional equipment and tools,
functionality and additional and to hire additional human
maintenance equipment need resources.
should be assessed

MATERIALS

Keep track of all hardware and Backup hardware and staff to
make sure they are well secured manage hardware
and in warranty

Keep track of all application Backup software in case of failure
and system software and make and skill staff to bring up the
sure they are working as per system
specifications

ENVIRONMENT

Centralized environment Should have a trained software
generally has a mainframe or personnel who understands the
a large computer that has all centralized control
software and other components
on the network are simple
terminals

Identify various servers DA should be trained to
(database, application etc.) understand the information
and sort out the information distribution on different servers
distribution to specify
different levels of control
and accessibility. The servers
are not connected via networks
but each server has several
clients (independent networks
of client/server)

In distributed environment the DA should be trained in
control is critical since all understanding the network
the servers are connected via architecture and information
network and determining who has distribution on various servers
what level of access is
important

MEASUREMENT

Keep a log of the access to Provide enough support to DA so
servers by individuals so that that the log is maintained
any illegal access could be regularly
identified

Continuously measure the Provide enough support to DA
performance of the servers and since performance of the network
clients--amount of data computing is important to running
processed, number accesses, business
reason for accesses etc.

Continuously measure the Provide enough support to DA
performance of the Applications since performance of the network
on servers and clients--amount computing is important to running
of data processed, number business
accesses, reason for accesses
etc.
COPYRIGHT 2009 The DreamCatchers Group, LLC
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2009 Gale, Cengage Learning. All rights reserved.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:fishbone analysis
Author:Parayitam, Satyanarayana; Desai, Kiran; Desai, Mayur S.; Eason, Mary K.
Publication:Academy of Educational Leadership Journal
Article Type:Report
Geographic Code:1USA
Date:Jan 1, 2009
Words:6545
Previous Article:Faculty perceptions and encounters with disrespectful student behavior.
Next Article:Stress and academic performance: empirical evidence from university students.
Topics:


Related Articles
VIDEO: Tokyo Electron Develops Fishbone FFT Sensor.
Seven quality tools can help supervisors roll a winner.
Knowing the cause is half the battle: symptoms can be signposts on the route to curing problems.
Quality toolkit.
Aviation Security: A National Strategy and Other Actions Would Strengthen TSA's Efforts to Secure Commercial Airport Perimeters and Access Controls.

Terms of use | Copyright © 2015 Farlex, Inc. | Feedback | For webmasters