Description of my company

CNC-

CNC- Xeisdamast
17.04.2023
christian.wallner.exercise1.pdf
Figure 1: https://www.fh-ooe.at/fileadmin/user_upload/filelist/plaene/hagenberg/docs/fhooe-hagenberg-campus-raumplan.pdf

Company Description:

Our company is a privately-owned CNC metal manufacturing company that specializes in CNC
machining, fabricating, welding, and finishing services. We provide our services to various
industries including aerospace and automotive sectors. We use the latest and advanced
technologies to offer high-quality and cost-effective solutions to our clients. Our main focus is on
providing customized solutions to meet the specific needs of our clients.

Industry:

Our company operates in the private sector and competes with other similar companies in the
industry. We have been in business for over a decade and have established a reputation for
delivering quality services and products to our clients.

Services or Products:

Our services include CNC machining, fabrication, welding, and finishing. We also provide
value-added services such as engineering, assembly, and packaging. We use state-of-the-art
technology to manufacture high-precision parts and components for various industries.

Market Space:

Our market space is primarily regional, with our services offered to customers in the local area.
However, we have also worked with clients in other parts of the country and are looking to
expand our services further. Our primary clients are from the aerospace and automotive sectors.

Number of Employees:

S2
We currently have 50 employees who work in different departments, including management,
engineering, production, quality control, and customer service. Our employees are highly trained
and experienced, and we strive to provide a safe and healthy work environment for all of them.

Departments:

1. Management: This department is responsible for overseeing the overall operations of the
company, including financial management, business development, and strategic planning.
2. Engineering: Our engineering department is responsible for designing and prototyping
new products, as well as providing technical support to our customers.
3. Production: The production department is responsible for manufacturing and producing
high-quality metal parts and components using CNC machines, welding, and fabrication.
4. Quality Control: The quality control department is responsible for ensuring that all
products and services meet the highest standards of quality, through regular inspections
and testing.
5. Customer Service: The customer service department is responsible for managing
customer relationships, resolving complaints, and ensuring customer satisfaction.

Local or International:

Our company operates locally, with our services primarily offered to customers in the local area.
However, we are open to expanding our services and reaching out to international clients in the
future.

Things Requiring Protection:

As a metal CNC manufacturing company, there are several things that require protection to
ensure the safety and security of our employees, equipment, and intellectual property. Here are
some of the key areas that we focus on:

1. Workplace Safety: We have strict safety protocols in place to ensure the safety of our
employees while they work with heavy machinery and equipment. We provide regular
training sessions to our employees to educate them on safe work practices and ensure
compliance with safety regulations.
2. Cybersecurity: We recognize the importance of cybersecurity and take measures to
protect our data and intellectual property. We use strong passwords, firewalls, and
antivirus software to protect against cyber-attacks.
3. Equipment Maintenance: Our CNC machines and other equipment require regular
maintenance to ensure their proper functioning and prevent accidents or breakdowns. We
have a maintenance schedule in place to regularly check and maintain our equipment.
4. Quality Control: Quality control is an essential aspect of our business, and we take
measures to ensure that all products and services meet the highest standards of quality.
We have a dedicated quality control department that conducts regular inspections and
testing to ensure compliance with industry standards.

S3
Intellectual Property: We understand the importance of protecting our intellectual property,
including our designs, trademarks, and patents. We take measures to safeguard our intellectual
property by registering trademarks, filing patents, and monitoring for any infringement. We also
ensure that all employees and third-party contractors sign non-disclosure agreements up a data
security plan for the metal CNC manufacturing company you created, including: • Threats and
vulnerabilities • Risk assessment • Mitigation measures • Response plan • Recovery plan

Data Security Plan:

At our metal CNC manufacturing company, data security is a top priority. We recognize that
cyber threats and vulnerabilities are increasing every day, and as such, we have put in place a
comprehensive data security plan to mitigate the risks associated with cyber-attacks.

Threats and Vulnerabilities:

Some of the threats and vulnerabilities we face as a metal CNC manufacturing company include:

1. Phishing attacks: These are malicious attempts to obtain sensitive information such as
usernames, passwords, and credit card details by posing as a trustworthy entity in an
electronic communication.
2. Malware attacks: These are malicious software programs that are designed to harm or
exploit computer systems, networks, or devices.
3. Insider threats: These are threats that originate from within the company, such as
employees who misuse or steal sensitive information.
4. Physical security breaches: These are breaches that occur due to physical access to our
facilities, such as theft of computer equipment or confidential documents.

Risk Assessment:

To assess the risks associated with cyber-attacks, we have conducted a comprehensive risk
assessment, which has identified several areas of vulnerability. We have rated the risks based on
their likelihood of occurring and their potential impact on the company.

S4
Mitigation Measures:

To mitigate the risks identified in our risk assessment, we have implemented several measures,
including:

1. Employee Training: We provide regular training to all employees on cybersecurity best

practices, such as how to identify phishing attempts and how to use strong passwords.
2. Access Control: We have implemented access controls to limit access to sensitive data
and systems. This includes implementing role-based access controls, which limit access
to data based on an employee's job responsibilities.
3. Encryption: We encrypt all sensitive data, both in transit and at rest, to prevent
unauthorized access.
4. Backup and Recovery: We have implemented regular backup procedures and disaster
recovery plans to ensure that our data is protected and can be recovered in the event of a
disaster.
5. Physical Security: We have implemented physical security measures to protect our
facilities and prevent physical access to our systems and data.

Response Plan:

In the event of a cyber-attack, we have a response plan in place to minimize the damage and
protect our data. Our response plan includes the following steps:

1. Identify the attack: We use intrusion detection systems and other monitoring tools to
identify cyber-attacks.
2. Isolate the affected systems: We immediately isolate the affected systems to prevent
further damage.
3. Contain the attack: We work to contain the attack and prevent it from spreading to other
systems.
4. Notify stakeholders: We notify relevant stakeholders, including employees, customers,
and law enforcement agencies, as necessary.
5. Investigate the attack: We investigate the attack to determine its scope and impact.
6. Implement remediation measures: We implement measures to remediate the damage
caused by the attack and prevent future attacks.

S5
Recovery Plan:

In the event of a cyber-attack, we have a recovery plan in place to restore our systems and data.
Our recovery plan includes the following steps:

1. Restore data backups: We restore data backups to recover lost or damaged data.
2. Rebuild systems: We rebuild any systems that were damaged in the attack.
3. Test systems: We test our systems to ensure they are functioning properly.
4. Resume operations: Once our systems are functioning properly, we resume operations.

Overall, our data security plan is designed to protect our company's data and systems from cyber
threats and vulnerabilities. By implementing these measures, we can ensure the safety and
security of our data and minimize the risk of cyber-attacks.

S6