Controls and Access
Enterprise Risk Management refers to the process by which an entity's board of directors, management and other personnel are involved in setting the strategies that affect the entire system. They identify any events that have the potential to affect the entity and that may threaten the entity's achievement of its objectives within the organization (University of California, 2011).
The security policies of an enterprise play a distinctive role in ensuring the confidence of clients in the enterprise. This paper seeks to highlight the importance of establishing concrete security policies and maintaining high standards of security within an enterprise. The essay approaches the topic as advice given to the Riordan Manufacturing Company on the key aspects necessary for the creation and maintenance of adequate security policies.
Importance of implementing security policies within Riordan Manufacturing Company
Before any security policies are implemented, it is necessary to ensure that the company in question has a clear understanding of the benefits and importance of implementing such stringent security policies on its information systems. To begin with, such policies protect the company from imminent failures of projects that it may have targeted for its future development. Such failures normally result from security breaches of the data in the information system, which in turn result from insufficient security on the information system that is set up. In addition, implementing security policies reduces the probability of data loss while enhancing the financial stability of the organization. All these advantages warrant the implementation of security policies within Riordan Manufacturing Company.
There are several security risks that prompt the implementation of adequate security policies within the organization. One is the risk of bypassing the existing security structures through connectors and other plug-ins. Connectors and plug-ins are normally used within organizations because they enable the easy extraction of data from several sources by plugging into various systems.
Once extracted, the data is at risk of being manipulated and even altered, as it is no longer under the system's protection. To protect against such a risk, system administrators need to ensure that all connectors and plug-ins are treated as server extensions, system extensions and hardware extensions. Additionally, it is recommended that connectors undergo security-related checks and balances before they are applied for use within the organization. There is also the risk of leaking data through linguistic analysis.
This usually occurs as a result of improper filtering of information from the source before it is relayed to the user. Although this kind of breach is subtle, restrictions need to be put in place to ensure data security is maintained. This involves avoiding suspicion as well as “talk” that may be associated with the breach. Latency, which involves synchronizing search with the security principles of the company, can also give rise to security threats. It can be caused by the interlinking of information contained within the thousands of files that exist within the organization and that share a common relation. There is also the security risk of data leaking as a result of hybrid systems and of item-level security clearance (Probstein, 2010).
In order to protect against such risks and ensure optimum data security, the company would be advised to undertake the following procedures:
Separating duties by assigning roles, thereby providing safeguards for securing the data in their information systems
Separation of duties refers to a security concept that requires more than one person to complete a particular task on the system. In advising Riordan Manufacturing, this ensures that at no time does a single individual have full control of more than two control portions of the system. This is advised to discourage deliberate fraud, as it requires the collusion of two or more individuals, thus increasing the probability of detection in case of such a breach. It is necessary to divide the company's system into four major sections: the authorization section, the record-keeping section, the custody section and the reconciliation section. To maintain high security standards, no single individual should be left to control any single section individually. Implementing separation of duties in a company's information system limits the damage that can result from the actions of a single individual with non-professional intent towards the company (Vacca, 2009).
Methods of controlling the mechanisms used to enforce Separation of Duties
Automated systems, manual systems and transactions that involve applications should all be maintained. Tracking the flow of transactions by means of audit trails is also advised. Additionally, exception reports should be handled at supervisory level, with supporting evidence backed up. Finally, independent reviews should also be instituted, as they easily detect errors.
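As an added illustration (not part of the essay or its sources) of the separation-of-duties model described above together with the audit-trail and exception-report controls just listed: a small Python enforcer that holds the four sections, refuses to grant one person a second section, completes a transaction only when four distinct and correctly assigned users act, and records every accepted action in an audit trail and every refusal in an exception list for supervisory review. The section keys, user names and the one-section-per-user rule are assumptions made for the example.

```python
from dataclasses import dataclass, field

# The four control sections the essay names; assumed mutually exclusive per user.
SECTIONS = ("authorization", "record_keeping", "custody", "reconciliation")


class SoDViolation(Exception):
    """Raised when a grant would let one person control two sections."""


@dataclass
class SoDEnforcer:
    roles: dict = field(default_factory=dict)        # user -> the one section they hold
    audit_trail: list = field(default_factory=list)  # accepted actions, in order
    exceptions: list = field(default_factory=list)   # rejected actions, for supervisory review

    def assign(self, user, section):
        """Grant a user one control section; refuse a second, conflicting one."""
        if section not in SECTIONS:
            raise ValueError(f"unknown section {section!r}")
        held = self.roles.get(user)
        if held is not None and held != section:
            self.exceptions.append(f"assign {user}->{section} rejected: already holds {held}")
            raise SoDViolation(f"{user} already controls {held}")
        self.roles[user] = section
        self.audit_trail.append(f"assign {user} {section}")

    def process(self, txn_id, actors):
        """Complete a transaction only when every section is handled by a distinct,
        correctly assigned user. `actors` maps section -> user."""
        problems = []
        if set(actors) != set(SECTIONS):
            problems.append("not all four sections signed off")
        if len(set(actors.values())) != len(actors):
            problems.append("one user acted in more than one section")
        for section, user in actors.items():
            if self.roles.get(user) != section:
                problems.append(f"{user} is not assigned to {section}")
        if problems:
            self.exceptions.append(f"txn {txn_id} rejected: " + "; ".join(problems))
            return False
        self.audit_trail.append(f"txn {txn_id} ok: " + ", ".join(f"{s}={u}" for s, u in actors.items()))
        return True


if __name__ == "__main__":
    # Constructed sample: four staff, one per section, then a valid and an invalid transaction.
    e = SoDEnforcer()
    for user, section in zip(("alice", "bob", "carol", "dave"), SECTIONS):
        e.assign(user, section)
    print(e.process("T1", dict(zip(SECTIONS, ("alice", "bob", "carol", "dave")))))
    print(e.process("T2", {**dict(zip(SECTIONS, ("alice", "bob", "carol", "dave"))), "custody": "alice"}))
    print(*e.exceptions, sep="\n")
```

The exception list is what a supervisor would review; the audit trail is what an independent reviewer would reconcile against the actual transactions.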
REFERENCES
University of California (2011). Enterprise Risk Management (ERM). Retrieved 8/4/2012 from http://www.ucop.edu/riskmgt/erm/
Probstein, S. (2010). The Security Risks of Enterprise Search. Enterprise Systems. Retrieved 8/4/2012 from http://esj.com/articles/2010/03/enterprise-search -risks.espx
Vacca, J. R. (2009). Computer and Information Security Handbook. Elsevier.