LEAN FIRE MANAGEMENT: A FOCUSED ANALYSIS OF THE INCIDENT COMMAND SYSTEM BASED ON TOYOTA PRODUCTION SYSTEM PRINCIPLES

Fugate, Jeremiah S

01 January 2014

A primary role of the Incident Command System is to learn from past incidents, as illustrated by its origins in the wildland firefighting community. Successful emergency response operations under the Incident Command System has prompted its nationwide spread, this promulgation critically relies on the system’s capability to stabilize and continuously improve various aspects of emergency response through effective organizational learning. The objective of this study is to evaluate the potential to apply fundamental principles of the Toyota Production System (Lean manufacturing) to improve learning effectiveness within the Incident Command System. An in-depth review of literature and training documents regarding both systems revealed common goals and functional similarities, including the importance of continuous improvement. While these similarities point to the validity of applying Lean principles to the Incident Command System, a focus on the systematic learning function of the Incident Command System culminated in the discovery of gaps in approaches proposed by the Incident Command System framework. As a result, recommendations are made for adjustments in systematic problem solving to adapt Lean principles of root cause analysis and emphasis on standardization of successful countermeasures to benefit the system. Future recommendations are also proposed based on the author’s understanding of the system.

Incident Command System

Fire Management

Lean Manufacturing

Toyota Production System

Lean Systems Program

Manufacturing

Operational Research

Systems Engineering

An analysis of the incident management system and domestic terrorism incidents

Reeder, Andrew Ernest

January 1999

This project focuses on the Incident Management System (IMS) and how it was used to manage the Oklahoma City, World Trade Center, and Lafayette, IN terrorism incidents. The Incident Management System is used by emergency response agencies to manage the scene of a disaster and consists of eight management components which are: Modular Organization, Integrated Communications, Common Terminology, Unified Command Structure, Consolidated Action Plans, Manageable Span of Control, Designated Incident Facilities, and Comprehensive Resource Management. Through journal articles and interviews, this project assesses observations that occurred during the response phase of each terrorism incident. These observations are then categorized under each of the IMS components to determine whether unique, or more complex procedures occurred with terrorism, as compared to other types of emergency disasters. This study further explores why the IMS is important to communities, and why a community's comprehensive plan should include goals and risk management studies that affect a community's ability to effectively respond to a terrorism incident. / Department of Urban Planning

Configuration management data base in an information and communication technology environment / T.J. Medupe.

Medupe, Tsietsi Jacob

January 2009

There are more requirements for business to be able to run its operations successfully in terms of legal compliance and revenue streams optimisations. Businesses are placing high demands on Information and Communication Technology (ICT) to adapt to changing conditions. However, ICT organisations tasked with providing increased service levels at lower costs do not have the resources to reinvent itself with every technological or regulatory change. Without frameworks in place to leverage automation and best practices, these ICT, organisations are consumed with the day-to-day operations of ICT with little time and few resources left to develop new services that add value to the business. There is, therefore, a definite requirement for a central repository system in order to enhance ICT service delivery and strategy for continuing to improve service, lowering per-service delivery costs and enabling ICT organisations to bring new services that support competitive advantages. The company of choice in the study is Sentech, which has recently adopted some of the Information Technology Infrastructure Library (ITIL) processes; these are service desk, incident management, and change management. The company is still in the middle of deciding on whether to implement the configuration management process which will eventually lead to Configuration Management Database (CMDB). This study attempted to indicate the role and the importance of running the CMDB together with the rest of other ITI L processes. The study also indicated how the other processes cannot function effectively without a proper CMDB platform. The primary objective of the study was to identify the importance and the role of CMDB in an ICT environment. The organisation implemented a number of processes such as configuration and change management. To be successful with using the ITIL change management process, it is important that the people, processes, and technologies work together in a coordinated manner to overcome the political roadblocks that usually inhibit cooperation between groups in the same organisation. The study has indicated that the current ITIL processes, such as change management are not achieving the required results due to a lack of proper CMDB. General recommendations on the implementation of the CMOB based on the study were: •Get executive and Board of Directors' support on the implementation of CMOB. •The organisation needs to redefine the role of the General Manager - ICT to a more appropriate role of Chief Information Officer reporting directly to the board. •The organisation must define detailed business processes and procedures. •The organisation must set a clear scope of the CMOB. •The relevant stakeholders on the CMOB must be identified . •A full state of the current ICT processes must be determined. •The business case on the CMOS must be formulated and documented. •Set goals on what the CMOB will have to achieve. •The organisation must create a plan on the implementation of the CMOB. •Identify responsibilities on maintaining the CMOS. •Create awareness within the organisation around CMOB. •Training on CMOB must be offered to the personnel. •The organisation must baseline all ICT assets. •Plan for ongoing management of the CMOB. It is believed that the objective of the study has been met. From the investigation, it has been clear that there is a dire need for an implementation of a central repository system like the CMOS to support other service delivery and support processes. If the recommendations are implemented within Sentech, the company will secure a more effective and efficient service delivery on the ICT platform. Furthermore, Sentech can become an ICT leader and gain a competitive advantage over its fellow competitors. / Thesis (M.B.A.)--North-West University, Vaal Triangle Campus, 2010.

Service desk

Incident management

Change management

Configuration management database

Information and communication technology

Sentech

Configuration management data base in an information and communication technology environment / T.J. Medupe.

Medupe, Tsietsi Jacob

January 2009

There are more requirements for business to be able to run its operations successfully in terms of legal compliance and revenue streams optimisations. Businesses are placing high demands on Information and Communication Technology (ICT) to adapt to changing conditions. However, ICT organisations tasked with providing increased service levels at lower costs do not have the resources to reinvent itself with every technological or regulatory change. Without frameworks in place to leverage automation and best practices, these ICT, organisations are consumed with the day-to-day operations of ICT with little time and few resources left to develop new services that add value to the business. There is, therefore, a definite requirement for a central repository system in order to enhance ICT service delivery and strategy for continuing to improve service, lowering per-service delivery costs and enabling ICT organisations to bring new services that support competitive advantages. The company of choice in the study is Sentech, which has recently adopted some of the Information Technology Infrastructure Library (ITIL) processes; these are service desk, incident management, and change management. The company is still in the middle of deciding on whether to implement the configuration management process which will eventually lead to Configuration Management Database (CMDB). This study attempted to indicate the role and the importance of running the CMDB together with the rest of other ITI L processes. The study also indicated how the other processes cannot function effectively without a proper CMDB platform. The primary objective of the study was to identify the importance and the role of CMDB in an ICT environment. The organisation implemented a number of processes such as configuration and change management. To be successful with using the ITIL change management process, it is important that the people, processes, and technologies work together in a coordinated manner to overcome the political roadblocks that usually inhibit cooperation between groups in the same organisation. The study has indicated that the current ITIL processes, such as change management are not achieving the required results due to a lack of proper CMDB. General recommendations on the implementation of the CMOB based on the study were: •Get executive and Board of Directors' support on the implementation of CMOB. •The organisation needs to redefine the role of the General Manager - ICT to a more appropriate role of Chief Information Officer reporting directly to the board. •The organisation must define detailed business processes and procedures. •The organisation must set a clear scope of the CMOB. •The relevant stakeholders on the CMOB must be identified . •A full state of the current ICT processes must be determined. •The business case on the CMOS must be formulated and documented. •Set goals on what the CMOB will have to achieve. •The organisation must create a plan on the implementation of the CMOB. •Identify responsibilities on maintaining the CMOS. •Create awareness within the organisation around CMOB. •Training on CMOB must be offered to the personnel. •The organisation must baseline all ICT assets. •Plan for ongoing management of the CMOB. It is believed that the objective of the study has been met. From the investigation, it has been clear that there is a dire need for an implementation of a central repository system like the CMOS to support other service delivery and support processes. If the recommendations are implemented within Sentech, the company will secure a more effective and efficient service delivery on the ICT platform. Furthermore, Sentech can become an ICT leader and gain a competitive advantage over its fellow competitors. / Thesis (M.B.A.)--North-West University, Vaal Triangle Campus, 2010.

Service desk

Incident management

Change management

Configuration management database

Information and communication technology

Sentech

The truth in the fictions: the exploration of the Chūshingura world.

Katsumata, Yuriko

29 November 2011

This thesis explores the world of Chūshingura. It is a story based on the actual vendetta referred to as "the Akō incident" which occurred on December 14th of 1702. The forty-seven Akō rōnin (masterless samurai) avenged their lord‘s death on Kira Yoshinaka, a high-ranking official of the Tokugawa bakufu. They were the former vassals of Asano Naganori, daimyō (feudal lord) of the Akō han (domain), who was forced to commit seppuku (suicide by disembowelment) as a punishment for attacking Kira in Edo Castle on March 14th of 1701. The Asano vassals became rōnin. They believed that this affair was a kenka (fight), but Kira was declared innocent. Infuriated by the unfair bakufu judgement, the Akō rōnin led by Ōishi Kranosuke, karō (chief retainer) of the Akō han, successfully carried out the vendetta. A month and a half later, all the vendetta league members were sentenced to seppuku. This incident had a strong impact on the people in the peaceful Genroku era and it has since been taken up in various forms of entertainment and art. Among them, a kabuki and jōruri play (Japanese traditional puppet play) Kanadehon Chūshingura has maintained an unsurpassed status since its first performance in 1748. After Kanadehon, the term Chūshingura has become the title of almost all the Akō-mono (works with the theme of the Akō incident). However, this play mainly depicts the fate of fictional characters outside the vendetta league. The first purpose of this thesis is to investigate the reasons for the long-lasting popularity of Kanadehon as the most representative Chūshingura story, in spite of the clear absence of historical facts. As the second purpose, this thesis will examine the recent polarization trend in Chūshingura productions. Until a few decades ago, the straightforward vendetta stories with Ōishi the hero versus Kira the villain boasted overwhelming popularity. While the popularity of these ―orthodox‖ stories is rapidly diminishing, Chūshingura stories with diverse perspectives, such as those featuring defectors, have been steadily increasing in the modern age. Performances of Chūshingura parodies written by Tsuruya Nanboku IV in the early 1800s are also increasing both in traditional and contemporary plays. After having investigated this polarization trend and ascertained its reasons, I will try to forecast the future of Chūshingura. / Graduate

Akō incident

Chūshingura

revenge story

kabuki

jōruri

Kanadehon Chūshingura

Genroku Chūshingura

Tsuruya Nanboku IV

Tōkaidō Yotsuya Kaidan

First responder weapons of mass destruction training using massively multiplayer on-line gaming

Richardson, Thomas J.

January 2004

Thesis (M.A.)--Naval Postgraduate School, 2004. / Title from title page of source document (viewed on April 23, 2008). Includes bibliographical references (p. 105-113).

The face of what came after memorialization of September 11 in news images and the Shanksville site /

Britten, G. Robert.

January 2008

Thesis (Ph. D.)--University of Missouri-Columbia, 2008. / The entire dissertation/thesis text is included in the research.pdf file; the official abstract appears in the short.pdf file (which also appears in the research.pdf); a non-technical general description, or public abstract, appears in the public.pdf file. Title from title screen of research.pdf file (viewed on July 22, 2009) Includes bibliographical references.

Measuring the impact of information security awareness on social networks through password cracking

Okesola, Julius Olatunji

12 1900

Since social networks (SNs) have become a global phenomenon in almost every industry, including airlines and banking, their security has been a major concern to most stakeholders. Several security techniques have been invented towards this but information security awareness (hereafter “awareness”) remains the most essential amongst all. This is because users, an important component of awareness, are a big problem on the SNs regardless of the technical security implemented. For SNs to improve on their awareness techniques or even determine the effectiveness of these security techniques, many measurement and evaluation techniques are in place to ascertain that controls are working as intended. While some of these awareness measurement techniques are inexpensive, effective and efficient to some extent, they are all incident-driven as they are based on the occurrence of (an) incident(s). In addition, these awareness measurement techniques may not present a true reflection of awareness, since many cyber incidents are often not reported. Hence, they are generally adjudged to be post mortem and risk-permissive. These limitations are major and unacceptable in some industries such as insurance, airlines and banking, where the risk tolerance level is at its lowest. This study therefore aims to employ a technical method to develop a non-incident statistics approach of measuring awareness efforts. Rather than evaluating the effectiveness of awareness efforts by the success of attacks or occurrence of an event, password cracking is presented and implemented to proactively measure the impacts of awareness techniques in SNs. The research encompasses the development and implementation of an SN – sOcialistOnline, the literature review of the past related works, indirect observation (available information), survey (as a questionnaire in a quiz template), and statistical analysis. Consequently, measurement of awareness efforts is shifted from detective and corrective paradigms to preventive and anticipatory paradigms, which are the preferred information security approaches going by their proactive nature. / Engineering, Science and Technology / D. Phil (Computer Science)

Awareness effort

Impact

Measurement techniques

Non-incident statistics approach

Password cracking

Quiz template

Risk permissive

SNs

Socialist Online

Prevention of Cyber Security Incidents within the Public Sector : A qualitative case study of two public organizations and their way towards a sustainable cyber climate / Förebyggandet av cybersäkerhetsincidenter inom offentlig sektor : En kvalitativ fallstudie av två offentliga organisationer och deras väg mot ett hållbart cyber klimat

Enocson, Julia, Söderholm, Linnéa

January 2018

Title: Prevention of Cyber Security Incidents within the Public Sector - A qualitative case study of two public organizations and their way towards a sustainable cyber climate Authors: Julia Enocson and Linnéa Söderholm Supervisor: Ida Lindgren Keywords: Cyber Security, Incident, Prevention, Public Sector, IT Security, Information Security Background: In today’s digital environment it has become crucial for organizations to protect themselves against cyber security attacks and incidents. Emerging technologies pose security risks and the number of cyber security incidents are increasing. Within the public sector it is considered as one of the most challenging phenomenons that governments face today, and awareness is limited. However, studies show that a majority of cyber security incidents could have been prevented. In addition, evidence indicates that incidents often occurs due to internal actions, and not external threats. Purpose: The purpose of our study is to identify factors that may impact public organizations’ capability to prevent cyber security incidents, and subsequently how they could work towards maintaining a proactive prevention. Methodology: This study has adopted a qualitative research strategy with the design of a case study of cyber security incident prevention in the public sector, examined through two organizations. In order to collect empirical data, semi-structured interviews were conducted. Conclusion: In this study we have, based on previous literature and empirical data, identified seven influential factors that may be of importance for public organizations to take into consideration when working with cyber security incident prevention. Our findings have subsequently resulted in insights that may inspire public organizations as to how they could work proactively towards preventing incidents. The identified factors revolve around the importance of performing internal and external analyses, defining roles and responsibilities, formulating goals and regulatory documents, educating and communicating to employees, the aspect of organizational culture, and consistent evaluation. How, and to what extent, public organizations work with these factors, indicate the level of preparation to prevent future cyber security incidents.

Cyber Security

Incident

Prevention

Public Sector

IT Security

Information Security

Övrig annan samhällsvetenskap

Gerência pró-ativa de incidentes de segurança através da quantificação de dados e da utilização de métodos estatísticos multivariados

Amaral, Érico Marcelo Hoff do

08 March 2010

Its recognized that in the organizations the information has become an asset of paramount importance. Analyzing this trend, one realizes that, in the same way, the evolution and dynamics of the threats and security incidents on this asset is an indisputable fact. Moreover, its essential that those responsible for organizational management in the companies strive to monitor the incidents related to the area of Information Technology (IT), acting in a timely manner about these issues, treating them in a proactive and intelligent, way allowing the accurate and rapid decisions, aimed at ensuring continuity of business. This paper presents a tool for incident management related to it service and systems, called SDvPC (Service Desk via Portal Corporativo), which includes a Service Desk to a corporate portal and provides in a centralized way, formal procedures for reporting and scheduling the problems identified by users in an organization. The tool helps to ensure that the weaknesses of the organization are reported in a quickly and simply, as soon as possible, and allows proactive management of incidents in the area of IT to explore the quantification of qualitative data collected in the Service Desk and the grouping of incidents using multivariate analysis. As a result, SDvPC allows the tacit knowledge of the failures, shortcomings and difficulties attached to the IT services and systems in an organizational environment, providing vision and strategic planning on the activities of the support area. / É reconhecido que no cenário atual das organizações a informação tornou-se um ativo de suma importância. Analisando esta tendência, percebe-se que, da mesma forma, a evolução e o dinamismo das ameaças e incidentes de segurança sobre este ativo é um fato incontestável. É fundamental que os responsáveis pela gestão organizacional das empresas envidem esforços para monitorar os incidentes relacionados à área de Tecnologia da Informação (TI), atuando de forma pontual sobre esses problemas, tratando-os de maneira pró-ativa e inteligente, possibilitando assim a tomada de decisões precisas e rápidas, objetivando a garantia de continuidade do negócio. Esta dissertação apresenta uma ferramenta de gestão de incidentes relacionados a serviços e sistemas de TI, denominada SDvPC (Service Desk via Portal Corporativo), que integra um sistema de Service Desk a um Portal Corporativo e disponibiliza, de forma centralizada, procedimentos formais de reporte e escalonamento dos problemas identificados pelos usuários em uma organização. O SDvPC auxilia para que as fragilidades da organização sejam notificadas de maneira ágil e simples, tão logo quanto possível, e permite a gestão próativa de incidentes na área de TI ao explorar a quantificação dos dados qualitativos coletados no Service Desk e o agrupamento dos incidentes através da análise multivariada. Como resultado, esta ferramenta possibilita o conhecimento tácito da falhas, deficiências e dificuldades agregadas aos serviços e sistemas de TI em um ambiente organizacional, possibilitando a visão e o planejamento estratégico sobre as atividades da área de suporte.

Gestão de incidentes

Estatística multivariada

Apoio a decisão

Portal corporativo

Incident management

Multivariate statistics

Decision Support

Corporate portal