Security Plan for Riordan Manufacturing - Case Study Example

Riordan Manufacturing Company al Affiliation) INTRODUCTION This assignment provides a security review and recommends a business security plan for Riordan Manufacturing. Security reviews have been performed from an examination of the current network, data, and web security. Riordan is faced with specific security issues relative to network, data, and Web security. These issues are attributable to the recent Sarbanes-Oxley (SOX) requirements. Compliance with these requirements is complex. Documentation and testing of a company’s internal controls is required. Riordan manufacturing is required to have the expected requirements for an upcoming audit. The physical and network, data, and Web security requires revision and updates of several elements of the Company’s information systems (Serpanos, & Wolf, 2011). The Sarbanes-Oxley Act requires all publicly listed companies to present reliable financial information. The act does not require such companies to secure their private information; however, security controls enhance the integrity of reporting in them. DISCUSSION Riordan Manufacturing conducts analysis over its physical and network security across all its plants. The company’s corporate headquarters are located in San Jose; where all activities involving research and development are carried out. Other plants are: Plastic beverage containers plant-Albany, Georgia Customs plastic plant-Pontiac, Michigan Plastic fan parts plant-Hangzhou, China. A security review of the current networks will be conducted and the relevant recommendations given to specify the specific security issues that Riordan Manufacturing needs to address in respect to network, data, and Web security. The manufacturing sector is dynamic. Riordan has to be at par with the latest technology to attend to the needs of its clients. Riordan’s telecommunication and data networking systems require continuous upgrading to support the company’s growth needs (Serpanos, & Wolf, 2011). Information can be derived about the existing network systems from the attached images. An examination of the existing network indicates security concerns that the company needs to address. Riordan Manufacturing relies heavily on its communication networks across all plant locations. This is the reason as to why the existing network architecture requires updated documentation. Existing network San Jose and China The network structure between the headquarters and the China plant is similar. 35 ea Dell Optiplex PCs are connected to a 100 BT Ethernet cable with an edge router transmitting signals to outside network. Signals are transmitted on a full T3 line. These computers are connected into the network through a star bus topology, to create a versatile network environment. Workstations are connected to the network through one, 24-port hub and 2ea, 24-port switches that run on the 100 base T Ethernet lines. Both locations contain satellite connection. Security issues and recommendations The Star-Bus topology is outdated; there is too much dependency on the central device (switch) such that if it fails, the whole network fails. Traffic within the networks is not controlled efficiently; since hubs that exist throughout the network are inefficient. The computers connected to the networks use outdated operating software (windows 2007). This operating system is not updated regularly. For such a complex network, the computers require an advanced operating system that requires regular updates for it to run. The research and development network, in these locations connect to a 1 GB fiber backbone that accommodates 15 additional users running on an unidentified MAC platform with its own Windows network server. These designs do not employ firewalls on the networks. This means that the web server and the site it hosts are highly prone to security risk (Serpanos, & Wolf, 2011). Web servers should be maintained, web applications updated, and web sites coded to limit the kind of data that can go through it. This would establish the required degree of web security. Considering the cost of satellite, additional equipment could stress the company’s financial base. The San Jose plant can be accessed by using the China plant’s internet connection. Accessing the headquarters through this link should activate in case the satellite connection fails. The Corporate Headquarters network design should replace the 24-port hub with a 24-port switch. The two gateway switches should be integrated so as to effectively connect and translate communications between the research and development LAN and the inter-office LAN. From the diagrams, China has a, 24-port hub; which connect the network to the factory floor. This hub should be replaced with a, 24-port switches. The star bus topology should be replaced with a mesh topology. The cost and high redundancy full mesh topology renders it impractical in most companies. A partial mesh topology should replace the star bus topology. Albany and Pontiac Major difference between these two networks is; while in Albany 20 office computers and 2 network printers are connected to one, 48 port patch panels, 45 client computers and 5 network printers are connected to the three, 24 port patch panels in Pontiac. All networks are chained to comprise the backbone in a star topology. 100 base T Ethernet cables with 100Mbps switches connect multiple routing devices in Albany. They both have a T2 connection to the corporate headquarters. Security issues and recommendations In these locations, reliability of the whole network is at risk. These networks lack secure Virtual Private Network (VPN) or remote access. The security of the networks is vulnerable to threats from exposure. Web security techniques should be employed in the network. This would protect the entire network system from malware attacks. Websites should be coded and data encrypted to ensure that only authorized personnel can access information from this network (Serpanos, & Wolf, 2011). GENERAL RECOMMENDATIONS Riordan Manufacturing should initiate a security policy system to consolidate all departmental data. The basic network design in all locations should be restructured. The company should upgrade the digital circuits to reduce disruptions within the current configuration. Web security should incorporate internet access security, safe web browsing techniques, and internet email security. To increase data security, Riordan Manufacturing should incorporate data encryption software; such as, Symantec endpoint encryption (Serpanos, & Wolf, 2011). Thus software would convert data into ciphertext. This will ensure that data cannot be understood by unauthorized people. Network systems are often ‘vandalized’ by hackers. This software would offer sufficient, enterprise-wide security by using access control and powerful encryption. The company should also employ a data backup and recovery plan. This is an insurance plan; data is accidentally deleted, it can become corrupt, or natural disaster may destroy it. A solid data backup and recovery plan would help the company recover from any of the above contingencies. Web security is of major concern to the company, since web sites are highly vulnerable to security risks. Riordan Manufacturing’s ‘backbone’ lies mostly on networks to which servers are connected. The company should adopt ‘Websense Web security’ to block all web threats. This form of web security is suitable for reducing malware infections and to ‘free up, valuable IT resources. To secure the four networks, a firewall solution should be implemented. This firewall will secure all entrances to the network. Firewalls, encryption, and VPNs are the best technological advancements that Riordan Manufacturing Company should adopt to address network, data, and web security concerns. BUSINESS REQUIREMENTS PLAN SOX require publicly listed companies to protect information systems. This requirement is critical in ensuring the effectiveness of internal controls over financial reporting. Failure to adopt security controls over network, data, and the Web, users can; Commit fraud, Record unauthorized transactions, Corrupt financial data, and Perform activities that do not match their responsibilities. Riordan Manufacturing has four delicate business requirements that need to be addressed for an upcoming audit. These requirements are: Government compliance, Integrated accounts receivable and accounts payable, Compatibility in the Finance and Accounting Systems, and Scanning transactional information among, inventory, vendors, and Finance and Accounting Systems. Finance and Accounting A mismatch in systems causes havoc in the finance and accounting system. This situation does not allow Riordan to reconcile the monthly ledger for 10-15 days. This delay creates massive manpower requirements in various departments; which in turn creates a financial burden on the whole company. This causal-effect relationship of a mismatch in systems is possibly a legal liability. Increased manpower in operations makes the processes prone to error, hence, additional liabilities. Government compliance This is a legal requirement. To satisfy this requirement, Sarbanes-Oxley and 550 reporting is required. Data compiled from each site has to be accurate, automatic, and satisfactory. Government compliance evolves continuously, and Riordan Manufacturing must be ready to grow in this area. Integrated Accounts Receivable and payable Incompatibility in the finance and accounting systems affects accounts receivables and accounts payables. Independent billing systems in each plant should interact with each other. Corporate headquarters should be able to view the overall assets and financial liabilities of the entire company. Any arising issues can then be addressed by Company Executives. Consolidated billing and invoicing means that the plants would have to perform the same function; but in different formats. Each plant should have access to the centralized database. Customer tracking would be simplified, whereas, a data mart would enhance forecasting and trending. Process design The Pontiac and Albany plants should be modeled after the San Jose and China plants. This design will enhance the ability to mirror all plants. In case of a failure in one plant, data can be recovered from the Network Attached Storage (NAS) to revive the plant’s operation. Software should be upgraded to the acceptable level for efficient operation of systems. A common topology across all network designs will allow the creation of data marts for common reporting. Data sources will be homogenous across marketing, human resource, accounting, finance, and operations. Network and database management systems take a smaller proportion of maintenance costs than before. Inventory management Bar code scanners should be implemented across all manufacturing stock points and receiving areas. Electronic scanning would eliminate incidences of misplaced products within the manufacturing process. Delivery notification can be enhanced by using Electronic Data Interchange (EDI). By tying all the plants to each other, their interaction would significantly reduce warehouse costs. Riordan Manufacturing currently uses manual forms at various areas in inventory management and billing systems. These areas must be automated. Real customer orders have to be tied to material requirements with a computed safety stock. There is need for coordination between the San Jose headquarters and the other plants in customer orders, and shipping data. This requires that the ordering system be automated at each manufacturing site. Information Systems Audit and Control Association (ISACA) promotes the use of COBIT. This is a generally acceptable standard for information technology security and control practices. This standard, when incorporated with Riordan Management Company’s business requirement plan, can align information technology resources with the company’s business objectives. Based on the designs above and their respective security issues, the current network infrastructure requires advanced technological improvements. The main business target of Riordan Manufacturing is to enable a smooth flow of information within all plants. All the plants should have their network configurations standardized. Reference Serpanos, D. N., & Wolf, T. (2011). Architecture of network systems. Burlington, MA: Morgan Kaufmann. Read More