Review of Riaordan Security Systems Cmgt441

Review of Riaordan Security Systems Cmgt441

Riordan Manufacturing Security

Riordan Manufacturing retains facilities in San Jose, California, Albany, Georgia, Pontiac, Michigan, and Hangzhou, China. All of these locations currently include Internet connections without any security. Each location should add a perimeter firewall and intrusion protection system (IPS). Cisco switches are present on the internal network and can add a layer of firewall protection but are not protecting the edge of the network. Without perimeter firewalls, Riordan lacks the ability to control the type of traffic into its network. Firewalls need to be installed to allow trusted traffic only.

Firewalls are crucial to security, but do not provide 100% security. If an attacker infiltrates the network, utilization of additional technology solutions should help stop the attack in progress. IPS solutions can monitor, prevent or even thwart unauthorized traffic. Firewalls will be deployed on the edge of San Jose, China, Albany, Pontiac, and Georgia networks and IPS for monitoring and prevention inside the network.

Riordan Manufacturing currently stores data in various locations and forms. The sales staff stores their data on various digital formats to include individual personal computers and also on hard copy. To improve business functions and resolve the security risk, Riordan has initiatives to develop ERP and MRP systems.

These systems contain intellectual data and require further development and security. Secure-code training for the developers will help limit vulnerabilities that might otherwise become deeply embedded early in development. For applications that include confidential data, best practices for security maintenance would include web application firewalls and application security assessments.

In addition to needed firewalls, stricter protocols should be established for core system access. Servers should be located in more secure sections of each building with additional security available throughout the building. To help prevent a possible external building forced breach, the server room should be located at a more central location within the building; wall and badge/keycard door access should also be implemented. In addition to a more secure region in the building, the server and additional components should be locked within a closet to add additional protection. Adding a security officer station at each facility will be considered as well.

Currently, Riordan systems provide no protocols for remote access. Market trends indicate that the mobile use of laptops if not now, will become a considerable make up of client models. Users accessing the Riordan Manufacturing corporate domain from outside the central corporate offices will need to use a dual authentication method with a VPN client. An industry standard coupling such as Cisco Systems VPN or PCAnywhere VPN and ActivIdentity remote access tokens will provide the added user access security.

The remote sales staff will use laptops that include a higher risk of loss or theft. Laptops themselves add additional security issues; the loss of a laptop potentially creates the loss of both the equipment and data. In order to reduce the risk of proprietary data loss, all company laptops will need to utilize hard-drive encryption at all times. To offer the highest compatibility for current operating systems within the Riordan domain, Encryption Plus would provide one of the most practical solutions for this requirement.

The old marketing documents currently stored in file cabinets will be scanned and stored electronically for easy access. These documents need to be secured behind the firewall or in an encrypted database depending on critical nature of the data and severity of a breach.

Riordan Manufacturing currently suffers many security issues and is at risk with the growing business and electronic initiatives. Riordan continues to grow as a company and needs to add software to streamline business. The IT department and executives have developed many projects ranging from perimeter security and internal prevention to data encryption and physical security. Riordan's personnel must complete these initiatives to secure their environment accomplish their business objectives. These new security initiatives will further assist Riordan Manufacturing with the upcoming Sarbanes-Oxley (SOX) audit.

Riordan Data Security

Riordan Manufacturing is converting its data and documentation to a digital storage format to provide for increased security and business continuity. Data is stored in different formats and systems including the database, personal machines, and hard copy; these will eventually be stored and available on a central system.

Department Security Analysis

The marketing department archives past marketing documentation