Cmgt 432 - Riordan Security Review

Riordan Security Review

CMGT/432

5/16/2011

Jude Bowman

Riordan Security Review

The purpose of this paper is to conduct a security review for Riordan Manufacturing. A detailed review of the existing network architecture will be performed by the team. This review will identify any security deficiencies that might exist at the various Riordan facilities. The team will propose new security practices and procedures that address the current network, data, and web security issues found in the security review.

Background and Statement of Need:

A security review of the Riordan Manufacturing information systems focused on network, data and Web security is required to ensure compliance with Sarbanes-Oxley Act of 2002 (SOX) regulatory Requirements. Security and business continuity are integral and critical aspects of SOX (Sarbanes, 2010). With four locations, each using divergent IT infrastructure and software systems, the need for consolidation is second only to improved enterprise level security management across platforms.

Project Objectives and Scope:

Development of a business requirements document that uncovers the current weaknesses of Riordan information systems security (ISS) and identifies the improvements needed to be in full compliance with the SOX requirements with the impending compliance audit in mind.

Here are some of the physical and virtual threats a company can face in terms of breach of data/information, cyber hackers, stolen laptops or mobile devices; spam and missing documents on an office computer. These can cause Riordan loss of money and time. The key to these issues is to install anti-virus or anti-malware software that monitors Riordan's network on a regular basis; in addition, IT staff should be taught how to handle such situations since cyber hackers are always targeting important information and data stored on an information system or technology. There is software available that will give Riordan regular alerts about their data. Barracuda networks and Cisco offer data protection software for companies as well as businesses. It is very important to evaluate these systems and software installed and whether they comply with Riordan's overall security policy. (http://www.articlesbase.com, 2011). In addition, other internal threats are certain cyber intruders or dissatisfied employees sending malicious code to destroy important company software. These individuals might also try to modify company information; reduce network bandwidth compatibility. The solutions to these internal threats are having an efficient network plan that includes detection as well as recovery of information/data. (http://www.tech-faq.com, 2011).

Communication channels differ with every company. But telephone conversation still remains the clearest form of communication; in addition important information is shared in a quick reliable way. Video conferencing is also a useful way to discuss top company priorities. Verbal communication is important when feedback from the management of a company is required immediately.

Communication within a company is multi-faceted, for example a mid-level manager might talk in a different tone to his/her employees compared to corporate or upper management. Also, when communicating with business partners or negotiating a contract with a particular company, it might require a respectful tone rather than talking down to them. This also applies in E-mails, typing the entire message in Capital letters or exclamation points is considered equivalent of shouting. Spell checking an E-mail is important when it is a formal message. (http://www.flatworldknowledge.com, 2011).

Requirements Documentation Organization:

The requirements will be organized with separate sections for network, data, and Web security. Each of these sections will further be ordered by current status, recommendations for improvement, and potential risks if no action is taken. The recommendations will be listed with sources of hardware and software where appropriate.

Network Security Current status:

The network security review of the Riordan Manufacturing's four diverse locations reveals several critical areas requiring updates and improvement. Of the four locations, the company headquarters in San Jose California is the best equipped and most secure, employing Cisco switches on the internal network; however beyond that there are several areas that need attention in San Jose as well as all other areas. Outdated Cisco PIX appliances are currently being used for firewall security in San Jose. According to EOL6321 located on the Cisco website, the Cisco PIX Security Appliance has reached its end of life and will no longer be supported (EOL, 2010). Additionally, no business continuity plan or disaster recovery capabilities currently exist. This presents a large gap in the capabilities of Riordan to recover from a disaster or even the loss of key equipment or staff. This is also a key area of concern for SOX compliance and capability. With the outdated PIX appliance, switches, and routers currently being used throughout the organization, in addition to the lack of disaster recovery and business continuity planning, the following recommendations are being made.

Recommendation:

As a first line defense, it is recommended that at minimum, a Cisco ASA 5500 series Adaptive Security Appliances be implemented. The addition of a Cisco 5500 ASA series device will provide Riordan with protection against worms, data theft, and network attacks by securing the perimeter of the network (Cisco, 2010). The easy to use management interface and scalability make it an excellent choice for Riordan as they continue to grow. The ASA 5500 series also integrates well with Cisco's line of Integrated Services Routers.

Implementation of an Intrusion Protection System will provide the network with intrusion detection and the protection that a network monitoring and management system offers. An intrusion detection and protection (IDP) systems such as Cisco's Software as a Service (SaaS) Tipping Point product is just such a solution. With the ability to detect intrusion attempts at the packet level, and then quarantine, repair, or in extreme cases shut down a server or cut network connectivity when needed, an IDP offers serious intrusion protection. According to Cisco, "SaaS offered more favorable licensing models, quicker ROI and faster implementation versus on-premise solutions"

...