Security Enhancement Services
AIS Security Enhancement Services
Program Management Support (PMS)
Project Initiation -Getting a project off to a good start is important, especially given the time sensitive nature of current security projects. The start of many projects is often delayed due to the lack of a formal project initiation process. The tight deadlines of many projects make it necessary for the project to "hit the ground running." The Project Initiation meeting should include a representative from each team member. Primary goals of the Project Initiation meeting are to clarify questions from team members concerning the project Statement of Work, develop project charter, project scope, project plan, and initial working schedule, and modify and approve initial communication plan.
Project Security Pre-Assessment – The Gartner Group states "Too many organizations will under-assess the dimensions of risk, assets, and environment because they lack a decision framework. Important factors will be missed, resulting in wasted spending or preventable security incidents with material loss." Every project should start with a planning and prioritization event(s) with participation of all stakeholders; including senior management security team, other discipline leaders; the team’s management and subject matter experts and other stakeholders as required. The objectives of this event are to determine what information needs to be collected and how it will be collected, how it will be analyzed, and how it will be communicated. AIS will establish the overall goals of the process and identify concerns.
Project Collaboration - It is essential that airports and consultants collaborate to improve project communications and control. Through collaboration, both the airport and consultant teams can develop a common understanding of the scope, standards and expectations, schedules, and deliverables. AIS has developed web-based information management tools and procedures to allow project documentation to be managed in a secure environment, allowing collaboration among a geographically diverse team, and maintaining project documentation in a manner consistent with the rules and spirit of 49 CFR 1520 – Protection of Sensitive Security Information. These tools and this structure are meant to supplement the existing project management capabilities of the prime-contracting firm. Technology now makes it possible for everyone on the project to stay actively involved with the project, no matter where they happen to be located at the moment. Our PIMS (Precision Information Management System) product is multilingual.
Project Communications Management - Project communications and controls are the keys to successfully achieving project goals and to satisfying expectations of stakeholders: the client, TSA, the airlines and other tenants, public safety officials, and the flying public. AIS has the tools and knows the importance of adequate project communications, especially in the early formative stages of the project.
The AIS PIMS tool will provide a real- time safe, secure, and easy to use web-based tool for storing all project documentation files, providing on-line conferencing, listings for all public and private information inquiries, listings of project contracts, personnel, property owners, badge listings, access control, entry procedures, daily and advance schedules, milestone summaries, project status reports, alert messages, NOTAMS, utility GIS information, supplies, equipment, employment opportunities, maps, routes, local area impacts, construction entry information, weather, air quality, meeting minutes, change order documentation, correspondence, presentations, photo library, videos, schedules, and more. Our goal is to provide seamless information management from early project conception through construction and operation.
Team Building - AIS uses a team approach to combine the resources and experience of partner companies who bring focused skills to specialized areas of expertise. The Team Approach has proven highly effective when combined with AIS’ role as coordinator and facilitator. Our experience forming "virtual teams" allows us to integrate the efforts of several contractors or subcontractors. We can also help bring various team members together, help them work together more efficiently, communicate better and improve intra-team effectiveness.
Project Facilitation – The AIS project/program processes can be used in a variety of project types. AIS is prepared to support the prime contractor by ensuring that the project gets off to a fast start, follows a defined and documented process and that all information is kept in an organized, secure manner.
Contracts Review – Our experienced contract administration staff can offer invaluable insights into contract negotiation and subcontracting, especially in the areas of intellectual property protection and security.
Project Prioritization -The goal of prioritization is to identify the most significant vulnerability reductions at an appropriate cost for the airport. It is essential that airports prioritize and structure their master plan projects. This prioritization is accomplished by thoroughly understanding the airport’s operations and environment.
Emergency Plan Development – The Airport Security Plan and Airport Emergency Plan need to exist in an integrated manner. The major revision to FAR Part 107 issued in July, 2001, was moved to TSA in CFR 1542.301 and 1542.307 added the requirement to develop Contingency Plans for threats to aviation and to integrate these plans with the Airport Emergency Plan (AEP). Since "accidents", etc. can involve possible sabotage, virtually all of the FAA Part 139 AEP is in the realm of TSA requirements. Also required is annual coordination, with all participants, of the elements of the AEP — the annual "tabletop" exercise required in the past. Because of this required integration, the entire AEP will need to be reviewed.
Airport Security Plan (ASP) Development - Airport Security Plans must be dynamic and flexible to deal with all new and existing threats and constraints. In inspecting these facilities and operations to achieve a valid, comprehensive risk and vulnerability assessment, a logical systematic process must be utilized that analyzes all known and relevant threats, existing security regulations, existing business processes and resources, and innovative security system product and process enhancements.
ASP Review/Updates - In light of the events of September 11, 2001, most airport security plans will require significant revisions. Our process, which includes a review of the current airport security plan against existing FAA and TSA regulations, will highlight needed changes in the airport security plan to meet current standards. Risk analysis and vulnerability results can be incorporated to create an enhanced plan that exceeds minimum requirements. It will also be essential to coordinate this process with the Federal Security Director (FSD) for the airport in order to address changes and changes in interpretation.
Dependency Analysis - The AIS Dependency Analysis identifies relationships among security issues, organizational issues, business process issues, and resource issues as well as criticality of dependencies, and likelihood of failure, including related business activities in the surrounding areas.
Technology Inventory -The movement, collection and dissemination of information, whether it be voice, data or video, are essential to a secure, operationally efficient airport. Our team of experts is fully qualified to access all aspects of the current state of the data, communication and information systems to ensure that the IT infrastructure is sufficient to support the security driven upgrades and enhancements. Of equal importance is the management, operational, process and procedural aspects of moving, collecting and disseminating information. The IT infrastructure and its use at an airport are vital to security, management, communications, HVAC and other environmental components, business processes, operations and safety. IT infrastructure management and operations must be reliable under all situations, secure, efficient, maintainable and accessible, at the appropriate level of clearance and as the situation dictates, to all users. Security Technology is changing rapidly, and AIS experts will continue to monitor the latest available information in these systems.
Operations Inventory - Our team of experts will assess the current physical, operational and procedural aspects of security at the airports. An important aspect of security is ensuring that the culture of everyone is raised to a high level of awareness. A full security solution requires equal attention to the security systems, the operational security processes and procedures and an appropriate level of security consciousness by everyone who works at the airport. Our team of experts is fully qualified to identify, qualify and quantify airport processes, facility and business system performance, management risks and security threats and vulnerabilities and recommend physical, operational and procedural security solutions and improvements.
Process Mapping - AIS will map the locations of interdependent business activities to identify potential points of failure relative to appropriate geographic criticality and likelihood of failure. Process capacities and efficiencies must be noted before and after making facility, technology or process changes to ensure acceptable continuous levels of service.
Airport Security Assessment -Threat and vulnerability reduction requires active participation and analysis by a broad range of knowledgeable and focused Subject Matter Experts. Key disciplines will include planning, design and engineering, operations management, systems integration, and incident management. These disciplines will require input from security experts, risk management analysts, and threat assessment, detection, and mitigation experts. Technology specialists, financial analysts, legal analysts, architects, and construction managers will provide additional support. Our airport related tools have been certified to function effectively in other transportation facilities.
Airport Data Security Assessment – TSA has mandated that airport security planning be secured from public disclosure. Cyber-terrorism is a growing threat to the entire planning process. Access, communications, and data storage must be secure, while remaining accessible to the working staff. AIS has obtained the assistance of Oracle Corporation in providing a secure data process. Oracle has extensive experience in this area and has provided these services to the CIA, FBI, NSA, NASA, and other governmental agencies for an extended period of time.
Gap Analysis - Evaluate the gaps between current processes and the requirements for security and risk minimization. Through our extensive, and largely automated process, AIS will develop a compliance matrix relating local regulations and guidelines to governing specifications. A Gap Analysis report summarizing differences forms the basis for enhancing airport security.
The process, plans, and tools needed to mitigate known and unknown risks in an effort to reduce vulnerabilities. Risk management includes business continuity, contingency, incident management, as well as loss or fraud prevention from design through construction and operations.
Risk Data Collection - AIS methodology incorporates data relating to over 500 airport business processes and 400 airport technology systems, allowing an accurate interdependency-based assessment of airport security vulnerability through the use of the AISES database. Our comprehensive data collection questionnaires ensure that all relevant data is collected for each process and system.
Security Risk Assessment - The Security Risk Assessment is an activity based on a quantitative risk model that covers operation, environmental, and terrorist threats, and incorporates all airport functions, facilities, and processes. Included in the Security Risk Assessment is a quantitative estimate of expected loss from each predictable threat, and comprehensive Return-On-Investment (ROI) estimates on each action of threat or vulnerability reduction.
Risk Assessment - The AIS goal is to improve airport development management by adding risk assessment disciplines to the cost benefit analysis, and safety and operational assessments of airport program development. To achieve a valid, comprehensive risk and vulnerability assessment, AIS uses a logical and systematic process for analyzing facility designs and operations with known and relevant threats, existing security regulations, existing security processes and resources, innovative security system product and process enhancements, and constraints.
Risk Data Management – Airport planning must be a secure exercise. Cyber-terrorism is a growing concern in all airport development. AIS has secured the support of Oracle Corporation, who plans security for CIA, FBI, Dept. of Defense, etc. in these efforts.
Risk Modeling - Our risk-modeling experts will work with the team to develop the airport-specific risk models that will analyze the data and assess the risks of plan alternatives. The cost of risk assessment modeling will provide the prioritization basis for future project funding and scheduling. The clients’ management must be included in the risk model development to ensure an effective use of limited risk management resources.
Threat Assessment - While the attacks of 9/11 have focused the nation’s attention on the threat from multinational organizations such as the al-Qaida, a threat and vulnerability assessment needs to consider all viable threats: terrorist, non-terrorist, criminal, and the emotionally vulnerable. Federal agencies like the FBI, CIA, NSA, other law enforcement, military, Department of Defense, Department of Energy, and many others are expert in qualifying threats. AIS assessment processes and tools can integrate the information from these outside groups regarding threats and risks with our systematic analysis of all operational business process vulnerabilities, and develop appropriate, reasonable solutions to minimize the likelihood of enemy success, while limiting serious disruptions or limitations to ongoing business processes.
Threat Modeling - The terrorists will use available weapons and methods that are least likely to be detected and/or neutralized. The prior use of a technique or weapon does not negate the probability that a subsequent attack would use the same or similar tactics. However, as detection and neutralization methods are developed that would counter a previous attack, terrorists will change their methods to attack another target while attention is focused on solving the previous incident. The AIS Team is experienced in recognition of nuclear, explosive, biological, chemical, technological, personnel and weapons threats that require assessment.
Quantified Risk Management - Each threat must be prioritized so more serious threats can be dealt with before the less relevant ones. AIS risk management specialists will construct a quantitative risk model covering operational, environmental, and terrorist threats, and incorporating airport functions, facilities, and processes to provide an estimate of expected loss using the quantitative risk model to develop ROI estimates of alternative solutions with sufficient detail to identify the optimum solutions and prioritize the most important vulnerability reductions.
Incident Command System Development
Roles Definition - In order to develop a process and tie it to the problems faced by the client, it is necessary to review the existing conditions, develop an understanding of project goals from the clients’ management perspective, and identify constraints imposed by others, such as TSA, public, etc. By understanding the issues from the viewpoint of the client, we are better able to identify solutions and approaches that will be beneficial for the success of the project.
Incident Definition –The listing of threats and vulnerabilities is constantly changing in this very dynamic time. This computer-assisted task is manageable with the discipline of looking at facilities, operations, technology and management with the eyes not only of architects and engineers, but also of risk managers, terrorism threat experts, finance and legal experts.
Checklist Development - A list of tasks relating anticipated problems and appropriate reactions will be prioritized and interdependencies between tasks will be identified to avoid duplication of effort.
Resource Inventory Development – Response to incidents is only as good as the planning. Each airport must know what resources are available and where the resources are located to deal with each incident.
Documentation Assembly - The Airport Security Plan, FAA/TSA requirements, airline and tenant security requirements, as well as the high-level policies and detailed plans, guidelines and procedures of the city, county, and airport authority all provide a roadmap. Integrating all this information into usable decision support data is a dynamic challenge. AIS can gather this information and integrate it into a single useable resource.
Business Continuity Planning - Once a gap analysis has been completed, the continuity plans can be prepared. A dependency analysis includes a failure mode and failure impact review. Using the AISES program, these data are then used to prepare contingency plans specifying what actions need to be taken, who will participate, what reports or records need to be documented, etc.
Contingency Planning - Transportation-related contingencies occur with little forewarning and their impacts range from low level to catastrophic. Any plan or process developed to contain, resolve, and mitigate contingencies must be effective throughout the full range of potential incidents. Effective contingency planning involves risk assessment, resource management, design engineering, financial planning, business continuity planning, training, allocation of responsibility, communications management, legal review, and incident management. A contingency plan must be economical, but with a thorough assessment of possible threats. A realistic assessment of the business and operational capabilities including a dependency analysis to recognize secondary and tertiary cascading operational impacts, team and resource schedules to provide the appropriate responses, and command and control authorities empowered to direct the total crisis management arena.
Evacuation Planning - Evacuation planning is an extension of contingency and incident management. Evacuation plans need to be prepared for natural problems, such as dispersion of aircraft when faced with a hurricane or flood, and unnatural problems, such as chemical or biological contamination in an HVAC or water system.
Incident Management - Incident or crisis management is the process of controlling communications and the assignment of resources to resolve actual problems or issues, and providing the guidelines necessary to continue to operate unaffected areas or to cease operations as required.
System Design - AIS has the expertise in IT system design to test and evaluate current, and recommend proposed systems.
AIS Support Tools
AISES Database – Analyzes and integrates operations, business, technology, management and external factor dependency information to empower project and airport management team to improved management.
PIMS – Manages all project information for communications, collaboration and archive.
Project Estimator – Statistically analyzes all project data to more accurately determine likelihood of budget and schedule compliance.
CAPTURE - Manages business continuity, contingency and incident management activities.
The AIS difference is our proven logical, systematic and comprehensive methodology of capturing operational, technical and organizational data. This information is then loaded into the AISES™ database that systematically stores and organizes the airport data. This methodology provides decision support for AIS’s strategic business and technology planning. With this backbone of airport-specific information; business, operational and technology decisions can be efficiently made and validated with confidence. This comprehensive information base assists airport management in making the most qualified and quantified planning and management decisions for the airport.
Airport Integrated Systems. 6060 S. Biscay St. Centennial, CO 80016