Analyzing Information Systems Risk Management at Riordan


Added on  2022/10/08

AI Summary
This report provides a comprehensive analysis of information systems risk management within Riordan Manufacturing, a global manufacturing company. The report identifies system vulnerabilities, including network security, internal threats (employees, former employees, and third-party employees), and the impact of natural events. It assesses the risks associated with these vulnerabilities and discusses the potential consequences of attacks. The report then details various security levels and preventative measures, such as access control, password management, and data encryption, to mitigate risks and protect the company's information systems. The conclusion emphasizes the importance of proactive risk management and preparedness to minimize the impact of potential attacks and ensure business continuity. The paper emphasizes the need for companies to prioritize security measures to protect their data and operations.
Running Head: INFORMATION SYSTEMS RISK MANAGEMENT 1
INFORMATION SYSTEMS (IS) RISK MANAGEMENT
Student Name
Course Name
Institutional Affiliation
Information Systems (IS) Risk Management
Riordan is a global manufacturing company that specializes in the manufacture of
plastics. The company has three main plants in the US and another located in Hangzhou,
China. Information security is one of the key areas in which every organization needs to
take great care, especially a global company like Riordan. This paper evaluates the
company's systems to determine the vulnerabilities they face, covering both internal and
external threats. It also addresses unintentional sources of threats, such as natural
causes, that may adversely affect the systems. The possible results of attacks are
addressed, as well as the various ways of preventing them. Finally, the paper determines
the levels of security that will appropriately secure the information system while still
allowing the maximum amount of uninterrupted workflow.
System Vulnerabilities
Risk assessment refers to the “structured and systematic procedure, which is
dependent upon the correct identification of hazards and an appropriate assessment of risks
arising from them, with a view to making inter-risk comparisons for purposes of their control
and avoidance” (Nikolic & Ruzic-Dimitrijevic, 2009). Every system is susceptible to attacks
because of vulnerabilities that may exist in it (McClenaghan, 2012). There is always a
risk of being compromised by hackers, either from outside or from within the company.
With the advancement of technology, the external attacks facing organizations have
increased greatly with each passing day (Lusthaus, 2013).
Riordan Manufacturing, being a global company, is also at greater risk because its
branches are spread across various places. The primary vulnerability that Riordan faces is
the security of the network interconnecting all the plants. The company uses one system for ease of
communication, but this leaves it greatly exposed to attackers. A hacker could compromise
the system and get hold of crucial information, as well as affect production in all the
branches simultaneously. A person with a vendetta against the organization could also seek
to harm the reputation of the company. A competitor might also hire hackers to attack the
organization with the aim of obtaining crucial information that would help them overtake
the company.
Another vulnerability that Riordan may face is internal attack. Attacks from within
pose the greatest risk to data and information, and threaten to completely disrupt the
operation of the company or worse (Amigorena, 2014). The biggest internal threat
facing Riordan would be the employees of the company, especially those within the IT
department, although any other employee with access could be a potential perpetrator. The
internal threats can be further categorized into existing employees, former workers
and third-party employees.
i. Existing employees
An employee who feels that they are being poorly treated or unfairly targeted may
develop a bad attitude towards the company. This would make them an easy target
for external parties, such as competitors, seeking to invade the system. They could
also obtain the company’s information and sell it. They could also pose an
accidental threat. For example, due to their lack of motivation, they could fail to
follow the set protocols, leaving the company exposed to attacks.
ii. Ex-employees
They may be holding a grudge, for example if they were unfairly sacked.
Before leaving, they could decide to put a virus in the system. They could also be
approached by other people who want to attack the company due to their previous
access and knowledge.
iii. Third-party employees
A company using third-party employees puts itself at great risk of exposure
to attacks. The company management is not able to monitor every one of the
third-party employees and determine what they access or whether they follow all the
required protocols.
Riordan Manufacturing is also vulnerable to natural events that may jeopardize the normal
operations of the company. Like most companies today (Cascio &
Montealegre, 2016), Riordan relies heavily on technology for the majority of its day-to-day
activities and for communication. If a natural event such as weather, an earthquake,
flooding or others were to disrupt the company’s network, Riordan would suffer massive
losses, all the more so because it uses a centralized system. A problem at one plant would
leave all the remaining locations at risk too. Such natural occurrences could also affect
the company’s network security and leave it exposed to hackers while the systems are down.
There could also be other unintentional events that compromise the security of a
system, for example when an employee of the company accidentally enters a wrong code
which in turn causes a massive failure of the system. The risk level varies depending on the
nature of the vulnerability and the place where it occurs (Feng, Wang & Li, 2014). One
vulnerability may cause a chain of other risks, as is the case when a system failure
opens the door for hackers to launch their attacks.
Security Levels and Ways of Preventing Attacks
A company should always strive to keep its different security levels confidential. The
information should not only be kept secret from external sources but also restricted to
a limited number of employees within the organization (Peltier, 2002). An employee's level
of access should be limited according to their job function. For example, an employee who
deals with payroll should only be allowed to access information regarding payroll.
They should not be able to see other vital information, like the company’s financial
information, since it does not pertain to their job. New employees or those from lower
levels should not be allowed to gain access to the company’s confidential information
(Finne, 2000).
Also, the levels of access should be categorized according to the various departments
within the organization. For instance, an employee on the assembly line should not have
access to the IT department’s information. This would be addressed by using
computer access codes and security-card access to the specific departments where the
employees belong. It is also important to change passwords and access codes regularly
(Kim & Solomon, 2010).
This would lower the risk of unauthorized access to the information. After an
employee leaves the company, whether voluntarily or involuntarily, their passwords
should be changed immediately and their access codes revoked (Thornton-Trump, 2018).
This would lower the risk of ex-employees leaking the company’s information or selling
it to outsiders, which may harm the company. The transfer of information from one
plant to another should be done over an encrypted line to limit the chance of a hacker
intercepting the information during transfer.
Conclusion
It is almost impossible for any organization to be completely immune to attacks.
However, a company can minimize the risk of these attacks by putting certain protocols
in place. It is paramount that Riordan Manufacturing implements these security
measures in order to guard the company against attacks as much as possible. Dealing with
an attack is important, but preventing the attack from happening is more important.
It is good practice to evaluate all the risk factors, whether from outside, from
within, unintended or caused by natural factors, as this puts a company in a better
position to deal with attacks when they happen. The preparedness of a company determines
how well it will be able to respond in the case of an attack. A company should always make
security its top priority.
References
Amigorena, F. (2014). The threat from within: how to start taking internal security more
seriously. Computer Fraud & Security, 2014(7), 5-7.
doi: 10.1016/s1361-3723(14)70510-x
Cascio, W., & Montealegre, R. (2016). How Technology Is Changing Work and
Organizations. Annual Review Of Organizational Psychology And Organizational
Behavior, 3(1), 349-375. doi: 10.1146/annurev-orgpsych-041015-062352
Feng, N., Wang, H., & Li, M. (2014). A security risk analysis model for information systems:
Causal relationships of risk factors and vulnerability propagation analysis. Information
Sciences, 256, 57-73. doi: 10.1016/j.ins.2013.02.036
Finne, T. (2000). Information Systems Risk Management: Key Concepts and Business
Processes. Computers & Security, 19(3), 234-242. doi: 10.1016/s0167-4048(00)88612-5
Kim, D., & Solomon, M. (2010). Fundamentals of Information Systems Security
(pp. 182-185). Burlington: Jones & Bartlett Learning, LLC.
Lusthaus, J. (2013). How organised is organised cybercrime?. Global Crime, 14(1), 55. doi:
10.1080/17440572.2012.759508
McClenaghan, E. (2012). All systems can be hacked. BMJ, 345(sep18 2), e6169-e6169. doi:
10.1136/bmj.e6169
Nikolic, B., & Ruzic-Dimitrijevic, L. (2009). Risk Assessment of Information Technology
Systems. Issues In Informing Science And Information Technology, 6, 2. doi:
10.28945/1084
Peltier, T. (2002). Information security policies, procedures, and standards (p. 178). Boca
Raton: Auerbach Publications.
Thornton-Trump, I. (2018). Malicious Attacks and Actors: An Examination of the Modern
Cyber Criminal. EDPACS, 57(1), 17-23. doi: 10.1080/07366981.2018.1432180