Information Systems

profileluckyqloo
AssessingandMitigatingRisk.docx
Home>Information Systems homework help>Information Systems

· Assessing and Mitigating Risk

McNick's fast food is a multinational organization that sells burgers and fries in nearly every country in the world. The corporation consists of a corporate headquarters in Denver, Colorado, and a massive food processing plant located in Laredo, Texas. Its products are shipped to thousands of locations around the world. McNick's was one of the first fast food vendors to implement RFID tracking of inventory using pallet level RFID tags to keep track of movement of products throughout their systems. Pallet tags are scanned using a set of readers built into the delivery dock entry as product is delivered and loaded for shipping. Delivery vehicles scan the RFID information as the last piece of tracking information at the individual stores. McNick's evaluated the ability to encrypt the information being transmitted between the tag, the reader, and the backend database and have opted to pass due to the cost per tag of adding this functionality.

McNick's has an extremely complex network, including the RFID tracking databases and software, thousands of electronic purchase of service (PoS) terminals at its stores, sophisticated Peoplesoft systems that track and integrate all of the information being collected and stored on their network from inventory to payroll and HR, and hundreds of business-unit-related software that has been custom built throughout the years. McNick's marketing staff have moved into social media with an aggressive Facebook and Twitter campaign that includes integration of these social media with the corporate Web site. All IT support is centralized at the Denver headquarters and the CIO has issued contracts to local IT shops to facilitate troubleshooting of technical problems in the remote locations. The store managers are responsible for selecting the local support. Each location has a small Windows server with their own domain that has a trust relationship with the top of the domain tree that allows the stores to remain functional in the event of an Internet outage. Some of the locations in underdeveloped countries function using a satellite connection; the managers at each shop have been given a protocol for uploading any data they have collected locally during an outage. Nearly all of these servers are located in the business office of the store.

McNick's has a large access control team. The workflow includes creation of role profiles within the Peoplesoft system where new hires throughout their entire system are entered. This information is then passed to the access control team to create new accounts. The account is created based on existing roles within the active directory system and the password is set to a standard password used for all new accounts. The complexity of managing accounts across the world has prevented access control team recommendations that complexity be enabled in the password structure. Currently the only password configuration rules are that the password must be at least six characters and be recycled every 180 days. The account ID and password information is then distributed to the manager making the request via e-mail. Recently, one of the access control staff had a slow day and was perusing the accounts. He discovered that fully 20 percent of the accounts created were apparently never used. Another noted that her cousin in the UK had left his job at McNick's several years ago, yet the account was still active in the AD system: apparently IT had never been asked to close the account, and perhaps any account.

Use the study materials and engage in any research needed to fill in knowledge gaps. Write a 2–3 page paper that covers the following:

Answer Highlighted questions

· What are the initial steps you would take when planning an enterprise-level risk assessment of technology tools and procedures?

· Where are potential areas of vulnerability in the scenario as described?

· What potential mitigations can you recommend that would reduce the risk of the vulnerabilities identified, including strategies to offset or monitor risk that cannot be fully mitigated?

Assignment Requirements

· Written communication: Written communication is free of errors that detract from the overall message.

· APA formatting: Resources and citations are formatted according to APA (sixth edition) style and formatting.

· Length of paper: 2–3 pages, excluding the references page.

· Font and font size: Times New Roman, 12 point.

·

Assessing and Mitigating Risk

McNick's fast food is a multinational organization that sells burgers and fries in nearly

every country in the world. The corporation consists of a corporate headquarters in

De

nver, Colorado, and a massive food processing plant located in Laredo, Texas. Its

products are shipped to thousands of locations around the world. McNick's was one of the

first fast food vendors to implement RFID tracking of inventory using pallet level RF

ID

tags to keep track of movement of products throughout their systems. Pallet tags are

scanned using a set of readers built into the delivery dock entry as product is delivered

and loaded for shipping. Delivery vehicles scan the RFID information as the la

st piece of

tracking information at the individual stores. McNick's evaluated the ability to encrypt

the information being transmitted between the tag, the reader, and the backend database

and have opted to pass due to the cost per tag of adding this funct

ionality.

McNick's has an extremely complex network, including the RFID tracking databases and

software, thousands of electronic purchase of service (PoS) terminals at its stores,

sophisticated Peoplesoft systems that track and integrate all of the informa

tion being

collected and stored on their network from inventory to payroll and HR, and hundreds of

business

-

unit

-

related software that has been custom built throughout the years. McNick's

marketing staff have moved into social media with an aggressive Face

book and Twitter

campaign that includes integration of these social media with the corporate Web site. All

IT support is centralized at the Denver headquarters and the CIO has issued contracts to

local IT shops to facilitate troubleshooting of technical pr

oblems in the remote locations.

The store managers are responsible for selecting the local support. Each location has a

small Windows server with their own domain that has a trust relationship with the top of

the domain tree that allows the stores to remai

n functional in the event of an Internet

outage. Some of the locations in underdeveloped countries function using a satellite

connection; the managers at each shop have been given a protocol for uploading any data

they have collected locally during an outa

ge. Nearly all of these servers are located in the

business office of the store.

McNick's has a large access control team. The workflow includes creation of role profiles

within the Peoplesoft system where new hires throughout their entire system are enter

ed.

This information is then passed to the access control team to create new accounts. The

account is created based on existing roles within the active directory system and the

password is set to a standard password used for all new accounts. The complexit

y of

managing accounts across the world has prevented access control team recommendations

that complexity be enabled in the password structure. Currently the only password

configuration rules are that the password must be at least six characters and be rec

ycled

every 180 days. The account ID and password information is then distributed to the

manager making the request via e

-

mail. Recently, one of the access control staff had a

slow day and was perusing the accounts. He discovered that fully 20 percent of t

he

accounts created were apparently never used. Another noted that her cousin in the UK

had left his job at McNick's several years ago, yet the account was still active in the AD

 Assessing and Mitigating Risk

McNick's fast food is a multinational organization that sells burgers and fries in nearly

every country in the world. The corporation consists of a corporate headquarters in

Denver, Colorado, and a massive food processing plant located in Laredo, Texas. Its

products are shipped to thousands of locations around the world. McNick's was one of the

first fast food vendors to implement RFID tracking of inventory using pallet level RFID

tags to keep track of movement of products throughout their systems. Pallet tags are

scanned using a set of readers built into the delivery dock entry as product is delivered

and loaded for shipping. Delivery vehicles scan the RFID information as the last piece of

tracking information at the individual stores. McNick's evaluated the ability to encrypt

the information being transmitted between the tag, the reader, and the backend database

and have opted to pass due to the cost per tag of adding this functionality.

McNick's has an extremely complex network, including the RFID tracking databases and

software, thousands of electronic purchase of service (PoS) terminals at its stores,

sophisticated Peoplesoft systems that track and integrate all of the information being

collected and stored on their network from inventory to payroll and HR, and hundreds of

business-unit-related software that has been custom built throughout the years. McNick's

marketing staff have moved into social media with an aggressive Facebook and Twitter

campaign that includes integration of these social media with the corporate Web site. All

IT support is centralized at the Denver headquarters and the CIO has issued contracts to

local IT shops to facilitate troubleshooting of technical problems in the remote locations.

The store managers are responsible for selecting the local support. Each location has a

small Windows server with their own domain that has a trust relationship with the top of

the domain tree that allows the stores to remain functional in the event of an Internet

outage. Some of the locations in underdeveloped countries function using a satellite

connection; the managers at each shop have been given a protocol for uploading any data

they have collected locally during an outage. Nearly all of these servers are located in the

business office of the store.

McNick's has a large access control team. The workflow includes creation of role profiles

within the Peoplesoft system where new hires throughout their entire system are entered.

This information is then passed to the access control team to create new accounts. The

account is created based on existing roles within the active directory system and the

password is set to a standard password used for all new accounts. The complexity of

managing accounts across the world has prevented access control team recommendations

that complexity be enabled in the password structure. Currently the only password

configuration rules are that the password must be at least six characters and be recycled

every 180 days. The account ID and password information is then distributed to the

manager making the request via e-mail. Recently, one of the access control staff had a

slow day and was perusing the accounts. He discovered that fully 20 percent of the

accounts created were apparently never used. Another noted that her cousin in the UK

had left his job at McNick's several years ago, yet the account was still active in the AD