Information System Recomendations

Riordan Manufacturing

Information Systems Security Recommendations

Team Mars Inc.

CMGT 440-Introduction to Information Systems Security

Mr. Levi A. Royster

April 17, 2006

TABLE OF CONTENTS

1.0 HISTORY: 6

2.0 INTRODUCTION: 6

3.0 SCOPE: 7

4.0 RECOMMENDATIONS: 7

4.1 Physical Security: Operation Class; Physical and Environmental Family (ID:PE): 7

Table 1; Recommended Common Physical and Environmental Controls 6

4.2 Network Security: Technical Class; ID & Authentication (ID:IA), Access Control (ID:AC), Audit & Accountability (ID:AU) and System & Communications Protection (ID:SC): 7

Table 2; Recommended Common Network Controls (IA) 7

Table 3; Recommended Common Network Controls (AC) 6

Table 4; Recommended Common Network Controls (AU) 6

Table 5; Recommended Common Network Controls (SC) 7

4.3 Data Security: Technical Class; Systems and Information Integrity (SI): 7

Table 6; Recommended Common Network Controls (SI) 8

4.4 Web Security: Technical Class; Systems and Information Integrity (SI) and System & Communications Protection (ID:SC) (See Table 5 and 6): 9

5.0 CONCLUSION: 10

Riordan Manufacturing

Information Systems Security Recommendations

1.0 History:

Riordan Manufacturing is a global plastics manufacturer employing 550 people with projected annual earnings of $46 million. The company is wholly owned by Riordan Industries, a Fortune 1000 enterprise with revenues in excess of $1 billion. Connected via a Wide Area Network (WAN) it maintains facilities in Albany, Georgia, Pontiac, Michigan, and Hang Zhou, China. The company's research and development is done at the corporate headquarters in San Jose, Ca. Riordan's major customers are automotive parts manufacturers, aircraft manufacturers, the Department of Defense, beverage makers and bottlers, and appliance manufacturers.

Due to Riordan's current cliental issues relating to Information System Security Assurance arose. To address these issues Mars Inc. has been contracted by Riordan Manufacturing, as network consultants, to provide input on the development of Riordan's IT infrastructure. It is the job of Mars Inc. to identifying any physical, network, data security, web security and/or any other issues or concerns that may exist and make the proper recommendations.

2.0 Introduction:

Mars Inc. evaluated Riordan Manufacturing Corporate Headquarters in San Jose, Ca. its plants in Albany, Georgia, Pontiac, Michigan, and Hang Zhou, China. Riordan's information systems (world wide) have been categorized as High-Impact information systems. This is in part due to Riordan's international relations with China and the nature of the data held within its national and international information systems.

Mars Inc. has provided the below information system security recommendations in accordance with the Federal Information Processing Standard (FIPS) 199; Standards for Security Categorization of Federal Information and Information Systems, the National Institute of Standards and Technology (NIST) Special Publication 800-53; Recommended Security Controls for Federal Information Systems, and in keeping with all Articles of the Law of the People's Republic of China; specifically on regulations governing the Administration of Business Sites of Internet Access Services.

3.0 Scope:

The Purpose of this paper is to provide Riordan's national and international manufacturing plants a common set of system and plant security controls. It is the aim of Mars Inc. to provide recommendations that may be applied indifferently across Riordan's national and international information system networks. This is to address the issues of cost, maintenance and upkeep through out the lifecycle of the above asset.

4.0 Recommendations:

4.1 Physical Security: Operation Class; Physical and Environmental Family (ID:PE):

Riordan's national and international Manufacturing Plants are departmentalized into six separate departments.

They are as follows:

* Corporate

* Budget & Finance (B&F)

* Research & Development (R&D; Corporate Head Quarters (HQ) Only)

* Employee Manufacturing (EM)

* Information Technology (IT)

* International Relations.

Due to system categorization, physical security is paramount. A secure perimeter must be established around Riordan's sensitive information systems and other physical security safeguards must be addressed. To achieve this aim Mars Inc. recommends the following Common Physical and Environmental system security controls listed in, table 1, below.

Note: For a full description of all controls listed through out this document please consult the National Institute of Standards and Technology (NIST) Special Publication 800-53, High Baseline Level.

Control Number Control Name Control Base Line High

1 Physical and Environmental Protection Policy and Procedures PE-1

PE-2 Physical Access Authorizations PE-2

PE-3 Physical Access Control PE-3

PE-5 Access Control for Display Medium PE-5

PE-6 Monitoring Physical Access PE-6 (1) (2)

PE-7 Visitor Control PE-7 (1)

PE-8

...