Redline. AnOverview. Version: 2.1. Developed by aviation security professionals, built by software experts

Transcription

1 Redline AnOverview Developed by aviation security professionals, built by software experts Version: 2.1

2 Redline Security Management System (SeMS) introduction 1.1 Redline SeMS is a software framework with tailored functional area application Add-Ins. It is fully digitised, supporting electronic inputs where available, but also able to support existing paper processes with manual inputs if required. It is designed to provide a dashboard driven risk, compliance and process management tool that supports full drill down to data entry level. The system achieves this with the use of a flexible framework supported by a suite of functional Add-Ins that, together, deliver a complete SeMS systems. The comprehensive core and Add-In functionality can be tailored in accordance with client requirements. 1.3 After a 6-month development and tailoring activity, the first global client for Redline SeMS went live in February This client instance allows client site security representatives to complete their audits online using an interactive, intuitive web based audit form. The form has full data consistency and validation checking ensuring correction interpretation and completion of the audit questions. All audits are stored in a relational database allowing near real-time reporting and analysis at all levels from site trending to corporate analysis of global and regional performance. This allows an enter once, use everywhere implementation for all risk assessment audit data. 1.2 Redline SeMS is based on a flexible, web based cloud architecture, but also able to support a number of different hosting options to allow for different IT infrastructure and local data protection regulations. Redline SeMS runs on a wide variety of platforms, and supports multiple OSs (including ios) and browsers. 1.4 All system monitoring functionality is configurable in layout, content, and access permissions for user roles and all levels of management up to and including corporate dashboards. A Regulator dashboard is also available should clients wish to make a pre-defined selection of their SeMS data available for viewing by a Regulator. Figure 1 A representative Redline SeMS management Dashboard

3 1.5 Redline SeMS has at its heart a sophisticated and automated risk management system. Risks are created when vulnerability management failures are identified in any of the SeMS functional areas, and managed with the use of CAPs. They are categorized and grouped to allow instant appreciation, but full drilldown functionality allows any risk to be fully analysed. 1.6 Each testing activity within SeMS that can have a finding, whether it is automated or manual, is cross-referenced to all the potential vulnerabilities that apply should that test fail. Each level of non-conformance finding (managed by the Corrective Action Plan process) is allocated a vulnerability to exposure percentage, with allowance made for vulnerability exposure factors like repeat findings. This, when combined with the threat list, allows generation of risks with empirical values representing the level of risk for each of the risk categories, and the generation all attributes of the overall risk matrix.an issue can be examined: HR, subject criteria, equipment performance, procedures, and strengths and weaknesses. All risk, compliance, and KPI issues are tracked using an integral Corrective Action Plan (CAP) function. This allows detailed and conclusive identification of failure cause (human, equipment or procedural) and the making accurate and objectively measurable recommendations all tracked, with off-track highlighting to the dashboard The dashboard driven reporting system ensures that any deficiency in the security regime can be quickly highlighted, investigated, and rectified. Dashboard drilldown incorporates full inter and intra Add-In data transfer so that Figure 2 Overall risk matrix

4 1.8 All data held within Redline SeMS is displayed in a wide selection of views and reports to support overviews and detailed analysis. All views and reports are exportable to support production of, and direct inclusion in, reports and presentations. The figure below shows Audit Question failure numbers broken down by Audit Section for each site within a group. In this example, Section 11 is consistently scoring the highest number of question failures (non-compliances) and Site 4 has poor performance against Section 3 compared to the other sites. This kind of data comparison can be further used to drilldown to find the potential causes of the standout areas, process, training etc. by clicking on the relevant graph bar to reveal the next level down of analytics. 1.9 Core Redline SeMS framework functionality includes: Dashboards Documents Risk and Threat Management 1.10 Redline SeMS is currently being developed to support the following functional Add-Ins, with more planned. Assessments (audits, inspections, observations etc) Security Testing Training Screening HR Equipment Patrols and Incident Response Rostering All Add-Ins are tailorable to the needs of individual clients, including development of interfaces to allow data exchange to and from existing software based systems that form part Regulatory Access Panel Admin

5 Figure 3 A representative Redline SeMS management Dashboard Redline SeMS benefits 2.1 Redline SeMS provides the user entity with the following benefits: Threat and risk management Automatic assessment of risk categories based on unique metrics Automatic aggregation of all data inputs Full and complete drill down from top to bottom Automatic assignment of Corrective Action Plans and Root Cause analysis Automatic monitoring of the progress and implementation of Corrective Action Plans Automatic report generation Multi-track monitoring of all entity responsibilities Multi language capability Integration of existing systems Full technical support from Redline

6 Redline SeMS overview and architecture 3.1 The Redline SeMS users perspective is illustrated below: Data Analytics Dashboards, Reports, Data Views Views Data SeMS Interface Input devices Management Risks Compliance Processes KPIs Users Managers Figure 4 Redline SeMS Overview

7 3.2 Redline SeMS is built using Microsoft ASP.NET, MVC, SQL Server, and deployed to either Microsoft Azure in the cloud, or a local server. Data entry is supported online with an internet browser based interface, and offline using a client based application with automatic data synchronization when connected to the server. Devices and browsers Role based access permissions Website SQL Server Database Figure 5 Representative infrastructure When deployed to the cloud: Each client has a separate instance, only accessible only by them Database has geo redundant storage (GRS) IP access control available if required ISO27001 accredited Microsoft Azure hosting services used SSL certificated sites are used

8 Redline National Security Training Centre (NSTC), First Avenue, Robin Hood Airport, Doncaster, DN9 3RH P: +44 (0)