June 18, 2012
Riordan Manufacturing conducts an information systems security review over IT security issues that exist in different plants to prepare for an upcoming audit in accordance to the Sarbanes-Oxley Act. Several elements of the organization 's information systems require revisions and updates to optimize physical and network security, data security, and Web security.
SR-rm-013: Network, Data, and Web Security
The Sarbanes-Oxley Act (SOX), passed in July 2002, requires publicly traded companies to submit accurate and reliable financial information. Securing private information is not included in its requirements; however, establishing security controls for confidentiality, availability, and integrity of the reporting are (Kim & Solomon, 2012).
Riordan Manufacturing is preparing for an audit in compliance with SOX and is conducting an information systems security review over its physical and network security, data security, and Web security.
Physical and Network Security
Riordan Manufacturing performs an information systems security analysis over its physical and network security. Several elements of the IT system require revisions, such as restrictions to physical access to vital IT systems and upgrades to outdated systems within the network.
After analyzing the headquarters and Riordan’s other sites it was found that they were not
designed nor equipped in the same fashion. The most important thing in the Riordan
Manufacturing Company with the equipment and vital information there is no visible hard
security protection. This makes all the sites, including headquarters, easily accessible through
theft and people who have been fired under unfavorable circumstances. Unlike most of the
companies and government agencies this organization shows no scanning of a badge procedure
or automatic door operation.
The company would benefit
References: Apollo Group (2004). Riordan Manufacturing Human Resources. Retrieved January 20, 2011, from https://ecampus.phoenix.edu/secure/aapd/cist/vop/Business/Riordan/HR/RioHRHRIS001.htm. Apollo Group (2004). Riordan Manufacturing Information Technology. Retrieved January 15, 2011, from https://ecampus.phoenix.edu/secure/aapd/cist/vop/Business/Riordan/IT/RioITNetwork002.htm. Apollo Group, Inc.. (2012). Riordan Manufacturing home - virtual organization. Retrieved from https://ecampus.phoenix.edu/secure/aapd/cist/vop/Business/Riordan/index.asp# Apple Byrum, S. (2003, October 18). The impact of the Sarbanes Oxley Act on IT security. Retrieved from http:// http://www.sans.org/reading_room/whitepapers/casestudies/impact-sarbanes-oxley-act-security_1344 CA Technologies (2010) Cisco Systems (n.d.). EOL/EOS for the Cisco PIX Security Appliance Software Licenses. Retrieved June 08, 2012, from http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/end_of_life_notice_for_cisco_pix_sec_app_sw_licenses.html. Kim, D. & Solomon, M. G. (2012). Fundamentals of information systems security . Sudbury, MA: Jones & Bartlett Learning, LLC. Northwoods (2008). Regional SWOT analysis. Retrieved January 21, 2011, from http://www.northwoods.org.uk/regional-swot-analysis. SearchSecurity (n.d.). Physical Security Definition. Retrieved January 16, 2011, from http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1150976,00.html. SpamLaw (2011). Data Security. Retrieved from http://www.spamlaws.com/data-security.html Value Based Management (2011)