Information Systems (IS) Risk Management Paper

Resource: Overview of Information Systems and Technology Paper assignment from Week One

Review the information selected for the Overview of Information Systems and Technology Paper assignment from Week One.

Explore your system’s vulnerabilities, and address the nature of potential internal and external threats and natural or unintended events that may jeopardize it.

Determine what levels of security are appropriate to secure the information system while allowing a maximum amount of uninterrupted workflow.

Write a 1,400- to 2,100-word paper that describes principles of risk management as they pertain to the chosen system and its associated technology.

Format your paper consistent with APA guidelines.

Running Head: INFORMATION SYSTEMS AND TECHNOLOGY 2

 

Page 1

INFORMATION SYSTEMS AND TECHNOLOGY 2

 

 

 

 

 

 

 

 

 

Information Systems and Technology

Sandy Davis

AJS/524

April 12, 2018

Steve Nance

 

 

 

 

 

 

 

 

 

 

Information Systems and Technology

Introduction

Riordan Manufacturing recently went through a company reorganization. After being moved to the position of information technology (IT) assistant project director, the first assignment was to perform research associated to the company’s IT infrastructure in the new office in Seattle, Washington. This paper will report the company’s IT systems and their functions, as wells as describe one of the major systems that Riordan Manufacturing uses for their global interconnectivity. It will then report the findings of a potential failure of the described system. The report will end with the reasons behind needing to protect the product and the consequences of insufficient security.

Founded by Dr. Riordan in 1991, Riordan Manufacturing globally manufactures plastic.

The headquarters is in San Jose, CA. And three plants located in Pontiac, MI., Albany, GA., and China. These locations are interconnected by a WAN. “The WAN connection between corporate headquarters and the China facility is specifically defines as a satellite link” (Riordan Manufacturing, 2013). Although the company needs a renovated IT infrastructure, they do not have the money necessary for the new system. Currently, each plant has several network connections and each location network has a unique layout. The shortage of security plans and practices are the main worries, in regards to the networks, that Riordan has. With the confidential information saved within the company’s network, network security is imperative in the success of Riordan Manufacturing.

Riordan is a global company that has their networks connected to the China plant which have the same network connections as the other plants in the United States. The China plant employees 250 individuals; therefore, with being established in a different country and having that many workers the security threat is greater. The company must guarantee they have adequate amount of security measures in position. During daily business, phone calls and emails transpire from one plant to another and the company must be sure this information is sent and received securely to ensure confidential company information remains secure. As with the other Riordan plants, it imperative for the China plant to have dependable and trusting IT personnel.

The first step of securing the company’s data would include backing up their databases and forming an alternate plan. Then every company computer, in each plant, must have firewalls out in place. Without firewalls, the networks are at jeopardy of being hacked and unwanted persons collecting Riordan’s information. Login credentials will need to be assigned to all employees that gave access to company networks. The access management system should be developed for all employees to determine how much company information they can view. As stated by Sando & Fink (n.d.) “In general, employees are assigned usernames and passwords that grant them certain privileges and allow them to use applications or enter specific networks within the business” (p. 3). This will prevent the wrong person from obtaining trade secret that could prevent the company from succeeding. If the company continues to permit all employees to have equal access, then company data remains unsecured and allows the possibility of their networks being hacked. Hackers are always looking for opportunities and weaknesses within a company. Without implementing these security measures, the company could face a decline in sales and eventually ruin the company.

With the demand and developments in computer technology and system design, Riordan must update their computer systems. As mentioned by Stewart, J. (2008) “Routine network upgrades are an essential element in every security and risk mitigation plan, and a well-thought out security strategy is a critical component of the network’s technical and operational architectures” (p. 2). These updates will boost the scope of the functions within the company.

The results from having out dated computers can include sales declining and interference with company production. There are many networks at each of Riordan’s locations; therefore, upgraded computers that are paired with a safeguarded network will operate in the favor of the company. Productivity will increase by having more reliable systems which will make the company more money. Another change that will benefit the company would be to establish IT departments at each location that is positioned in a separate, secured location within the building. This will provide a more secured area for the employees that have the task of securing company data from being obtained.

Riordan’s products are secured by patents; however, there are methods that other companies can use to make and sell a similar product. This is when the IT department can assist by tracking, investigating, and resolving problems. This department would implement and maintain the limited access system. In return, only the head of the company and IT department employees and would have access to the IT secured area.

With the company having multiple plants and one located in China can create a risk for the security of Riordan. Any company’s success can partly be determined by their computer security. The security within Riordan needs to be improved both inside and out. It is recommended that they upgrade computers, software, and security. Additionally, the company will need specialist that are IT experts, has a clear perception of the security process, and have the ability and knowledge to safeguard the company. Without implementing the recommended changes, the company could be placing their future in jeopardy. It is imperative that the IT specialists have experience in recognizing and managing cyber-crimes within a company. Although not all cyber-crimes can be detected before they happen, with the upgrades and security changes that have been provided the problem can be fixed and the company will have the assistance needed if a security breech does occur. Yes, the goal is to stop breeches from happening but it is even more important to know how to deal with them in the aftermath.

In closing, Riordan is a billion-dollar company and has patents for their products; however, their current security within the company is lacking. This report provided recommended a need to know process to heighten the security of company data by implementing a limited access system. It was also suggested to upgrade the entire computer system and securities. Finally, it was detailed how a separate IT department can secure the company’s data and computers from falling into the wrong hands, If these changes are put in place then Riordan will be one step closer to securing their future.

References

Riordan manufacturing (2013) Virtual organization portal. Apollo group. Retrieved from: UoP student website. www.ecampus.phoenix.edu

Sando, S. & Fink, P. (n.d.). Off limits: controlling the level of information access for employees. Retrieved from http://performance.ey.com/wp-content/uploads/downloads/2012/11/Offlimits.pdf

Stewart, J. (2008). Silent Risk – Why We Must Upgrade Network Software. Retrieved from http://www.cisco.com/c/dam/en_us/about/security/cspo/docs/perspective_silent_risk.pdf