Team “C” was hired by Riordan Manufacturing management to overhaul the security features currently employed by the company. Management outlined a comprehensive plan that included a complete hardware refresh, security best practices and end user training. Team “C” will devote resources to assess the physical and network security issues and concerns at each Riordan plant. Once those have been identified, Team “C” will identify the data security issues and concerns present at each Riordan plant. Finally, Team “C” will address web security issues and concerns present at each Riordan plant and recommend a way forward for the company.
Riordan Manufacturing Background Riordan Manufacturing is a global plastics manufacturer employing 550 people with projected annual earnings of $46 million. The company is wholly owned by Riordan Industries, a Fortune 1000 enterprise with revenues in excess of $1 billion. Its products include plastic beverage containers produced at its plant in Albany, Georgia, custom plastic parts produced at its plant in Pontiac, Michigan, and plastic fan parts produced at its facilities in Hangzhou, China. The company’s research and development is done at the corporate headquarters in San Jose.
Riordan’s major customers are automotive parts manufacturers, aircraft manufacturers, the Department of Defense, beverage makers and bottlers, and appliance manufacturers (Riordan Manufacturing, 2013). Each site manages their network that communicates directly with the corporate office in San Jose. The three outlying sites do not communicate with each other without going directly through the corporate office. This is the biggest change Team “C” will propose. Communications between the four networks should be real time and should be linked.
Physical Security Concerns The initial review of the physical security of the Riordan Manufacturing Network identified some major concerns: * Single point of failure – The three outlining networks run through the corporate office in order to share information. If the corporate office is down, then the information from the other three offices cannot be shared. * Lack of Redundancy – The networks currently only have one path out. For instance, if the gateway/switch at the Hangzhou, China plant goes down, the various departments running off that switch will be isolated from the rest of the network.
Communication Barrier – Communication between the three US bases sites with the Hangzhou site could pose some challenges. Ensure the physical security policies employed in the United States are also allowed in China. * Facility Security – There was not much mention of the physical security aspects that are employed at each site. Recommend doing a comprehensive review of the physical security of each complex and recommend security features to each distinct location. Highly recommend the corporate office shift to a common access card (CAC) entry to the facility. Backups – Did not see a backup plan. Ensure backups are conducted daily and the off-site copies are maintained. Network Security Concerns The Network security aspects of our review are aligned with most of what was identified with the physical concerns.
There are additionally items that identified that need to be addressed: * Language. The three US site networks will have to be able to receive data through the Chinese network (Compatibility issue). Ensure that the US based networks are able to receive and process Chinese code/language. Security Policy – Ensure that the strict policies enforced on the three US based networks will be compliant in China. The Chinese government has strict restrictions on information access. Need to ensure Chinese security policies are followed and that company information is not compromised.
* Single point of failure – As addressed in the physical security, the networks as constructed have various single points of failure. If a switch or router goes down, the whole network is isolated from conducting business. Different Operating Environments – Most of the company is running on Windows 7 environment, however, MAC PRO’s are being used at the corporate office and this could lead to some compatibility issues between Windows and MAC environments. * Obsolete equipment – Many of the sites are using old network equipment. Recommend investing in new switches and routers to enhance the processing and network speed. Conclusion Team “C” has identified numerous areas of concern with the Riordan networks. Those items will be address individually at each location and be submitted in a comprehensive review.