Riordan Manufacturing Information Security Review
The purpose of this information systems security review is to give Riordan Manufacturing recommendations that help it establish and maintain high-level safety measures and reduce the risk of interruption to its day-to-day operations (INTOSAI, 2006). The review determines whether Riordan Manufacturing’s information security is structured on the tangible, workforce, organizational, workstation, and data system levels of the Sarbanes-Oxley Act. It is meant to ensure that Riordan Manufacturing has high-quality organizational control that allows it to overcome any shortcomings that may endanger security at the accompanying stages. The specific security issues addressed relate to Riordan Manufacturing’s network, data, and Web security. Team A took a top-down approach to reviewing Riordan Manufacturing’s information security system, which allowed the team to focus on key information systems that presented special security concerns. Team A evaluated the likelihood of threats occurring and the extent of their effect if they did occur. The likelihood of threats and the possible extent of their effect were evaluated separately, and then globally, to establish an overall level of exposure to risk. These assessments will be expressed subjectively in terms of impact as high, medium, or low risk. Based on the assessments, recommendations will be made to management on the course of action to take as well as on the specific types of controls and safety measures (INTOSAI, 2006).
To comply with the Sarbanes-Oxley Act, Riordan Manufacturing must update its information system with some hardware and software additions. The Sarbanes-Oxley Act states that all business records, including electronic records and electronic messages, must be saved for “not less than five years.” Our main focus for Riordan is ensuring that the correct types of business records are stored, including all business records and communications, electronic communications among them. To comply with the Sarbanes-Oxley Act, Riordan Manufacturing will need to add a minimum of two additional databases to its current information system: one on the intranet and one on the “sneaker net”. The “sneaker net” database is the network-external backup that helps assure that the information will be available and safe from attacks that could bring the internal information system to its knees. There could also be a cloud-based version of the database that enables authorized personnel at all locations to access this information as needed. Although I would recommend that read only