Riordan Manufacturing Security Policy
Smith Systems Consulting has been hired to evaluate and consult on the creation of a new information technology security policy to span the complete enterprise infrastructure. This document will serve as a recommendation for Riordan Manufacturing as it pertains to the enterprise wide information security strategy. Riordan Manufacturing currently has three locations within the United States and one location in Hangzhou, China. All of these locations ...view middle of the document...
An evaluation of the enterprise infrastructure as a whole, as it pertains to information technology security, was also conducted. These evaluations were the starting point for Smith Systems Consulting to design a security strategy to best fit Riordan Manufacturing. The existing security policy consists of location-based data access to on-site servers and on-site access to Unix servers for ERP and MRP systems. Also, it was evident that there are a number of servers and data to be accessed from different operating systems that are deployed throughout the locations. The management of the existing security strategy is one that requires each individual to be assigned access permissions manually throughout their term of employment. This strategy is commonplace in the industry, but requires the IT staff to manage each user individually. Therefore, our results of the evaluation were positive with respect to overall security, but management of the user access is costly and time consuming. With these results in mind, we propose a security policy base on Role Based Access Controls (RBAC).
Role Based Access Controls allows companies to assign roles to users within the same department that need access to the same data.