CSIA 300 Research Report 2

profileGhost119
CSIA300project2.docx

Running head: RISK ANALYSIS AND REPORT 1

RISK ANALYSIS AND REPORT 9

Research Report #2: Emerging Issues Risk Analysis and Report

Samuel Olojede

UMGC

Introduction

Padgett- Beale's Entertainment Team (ET) is very much ready to launch a new cloud-based event management system that functions as an end to end management for various events such as festivals, concerts, and conferences. The head of the Resort Operations (RO) and the Marketing and Media (M&M) have a strong belief that the process of data collection and analysis will be of much significance and will help in managing various hotel sponsored events such as programs meant for kids. While the RO, M&M, and ET teams have the focus of moving ahead, many upper-level managers have developed some concerns about the customized Radio-Frequency Identification (RFID) wrist brands that get added to the system of event management to manage and track attendees. The bands incorporated in the network uses unique identifiers which are fixed in the round. The unique identifiers follow the attendees of every move they make. It is also connected to the attendee's credit card or debit card account to facilitate purchasing foods, souvenirs available at the event, and beverages. Furthermore, the head of Corporate IT has approved the new system's launch because it is fixed with cloud-based technology. The system helps in reducing the level of infrastructure that the IT team has to support and manage. However, the project came to a standstill after the Chief Privacy Officer (CPO) requested more information regarding the advantages of the RFID solution and its potential to respond to privacy issues that may occur. The report analyzes managing the adult attendees at events such as music festivals with RFID bands linked to their social media platforms such as Facebook, Twitter, credit, debit accounts, and the privacy and security issues that may occur.

Analysis

One of the effective ways that ET plans on putting into practice the RFID wrist bands is to conduct proper management on the adult attendees at events such as music festivals. The RFID bands must be linked to the attendees' social media platforms such as Facebook, Twitter, and both credit and debit accounts to make it efficient to purchase foods, beverages, and souvenirs available at the events market stalls (Haseeb, 2018). Furthermore, the RFID wrist bands will allow guests to receive a hands-free experience at the event, which means that the guest needs not to worry about the stress that comes with carrying cash, credit cards, or the concert tickets because they can move in the event carefree. This type of technology will also give room for the guests to focus on enjoying themselves, which is proven to escalate impulsive spending on food other merchandise. Bernatik, Huang, & Salvi (2017) add that cases such as theft and fraud opportunities are reduced when all the guests decide to use wristband. Instead of walking around with their cash or credit cards, they get generally known to get stolen or lost in large events. If the RFID is reported to be stolen or lost, the RFID is cancelled and reissued if necessary.

The RFID technology can connect to various social media platforms such as Facebook, Instagram and Twitter. Users can confirm from their Facebook or even post pictures on Instagram by merely tapping their wristband against the RFID touchpoint (Bosetti, 2018). The various capabilities of RFID social media accounts give users an opportunity to sharing socially with their friends and family, including providing free online advertising for the hotel or the event being organized. Additionally, the hotel will collect all the data and analytics about the guests. After that, the hotel will determine what their guests prefer most by analyzing how they interact and move around the concert. The wristband will allow the collection of data on the purchases made and simplify and improve the level of guests' experience in future (Haseeb, 2018).

In as much as the RFID wrist band gives an array of benefits to the Padgett-Beale and its IT, there are some privacy and security issued that should be addressed:

RFID Sniffing

Padgett-Beale needs to get concerned about the RFID sniffing, which should be conducted when attackers use their RFID readers to steal the information on the users' wristbands. Bosetti (2018) asserts that most of the RFID is difficult to differentiate between the valid RFID reader's requests and the fake ones. This becomes a significant concern regarding the privacy of the guests.

Denial of service

Service denial is an attack that hinders authorized users from gaining access to the service. In most cases, the process of sending and receiving information from the RFID makes both the reader and the person at the back end server to be a target for denial of service attacks (Bosetti, 2018). During these attacks, the users' tags always fail to verify their identity with the reader, making the RFID service interrupted.

Viruses

RFID is also prone to viruses, just like other many technological systems. The viruses always target the back-end database that stores the users (Bernatik, Huang, & Salvi, 2017). In the recent past, virus attacks are crippling significantly because they can destroy and expose valuable data and disrupt the entire service.

Tracking

Having access to the RFID tag allows an attacker to track the location and activity of the users. Users have an obligation of being aware that when a hacker manages to gain access to their network and pinpoint their exact location and the communication conducted between the tag and the readers of the RFID (Bosetti, 2018).

Counterfeit RFID

Cases of counterfeit RFID poses severe threats to the organization because attackers can make a fake primary RFID tag. In most cases, basic RFID tags don't use any form of encryption, making the hackers write information on the necessary tags to help them gain access to the network. According to Haseeb (2018), once the hackers manage to gain access to the system, they can easily manipulate the system by using their fake RFID tag to modify the data. Some of the open areas to particular groups of individuals include those in the VIP rooms or the backstage passes. The hackers can attach their fake tags to other users' tags and exploit their valuable data such as credit and debit card numbers to make purchases or even gain access to events that they are not invited (Bosetti, 2018).

Protection by Law

Depending on the state that one lives in, there are a few laws that impact the planned implementation of the RFID wrist bands event management system. On that note, the Federal Trade Commission (FTC) governs the RFIDs and has taken no step towards enforcing measures (Fonseca et al., 2020). However, some states have started to establish unique guidelines for RFID use by some business entities. Some of the basic formulated laws require businesses to label the products with tags and provide all relevant information on disabling and removing the tag once purchases have been made. Bernatik, Huang, and Salvi (2017) postulate that businesses also need to inform consumers when RFID readers are available. Other states insist on the organizations to tell the users how the information provided in the RFID tag will be used and require fair and lawful processing of personal data and the limit of the duration the data can be stored. In the recent past, Maryland has no laws to protect its users when it comes to using the RFID tag. However, RFID is becoming more mainstream, and Padgett-Beale should be ready to face the risk of future legislation as many people develop the interest of protecting their privacy while using the RFID tags (Crown et al., 2018).

Recommendations

Some of the best practices for privacy and security that should be incorporated before installing the technology by Padgett-Beale include the following.

Data Encryption

Using cryptography is the best measure to ensure data integrity because it helps confirm whether or not the data was last created, modified, sent, or even stored by an authorized user. Therefore, organizations must maintain sensitive information integrity by ensuring it is untouched by unauthorized persons (Fonseca et al., 2020). Additionally, the company needs to ensure RFID tags are used with cryptography when handling sensitive information. When one has to use a necessary tag, they need to make sure he's using proper security measures and strictly monitoring and auditing the program to detect any form of atonalities in the RFID system.

Consumer Transparency

The RFID tag should not be kept a secret, especially to the guests. The guests need to be aware of the RFID tags and how the titles' information will be used and stored (Crown et al., 2018). On the other hand, consumers need to be aware that their data is being recorded and used for the company's best reasons to alleviate some of the company's privacy concerns.

Security

Padgett-Beale Company is obligated to install appropriate cybersecurity measures to secure the RFID tags and readers to protect from unauthorized tracing and reading (Crown et al., 2018). Additionally, the company should implement security measures to secure linked information like social media platforms from unauthorized users. Maintaining a robust information security program helps mitigate internal and external risks to the integrity of the data stored on the RFID tags.

Establishing A Privacy Policy

Establishing effective private policies helps determine how the RFID system stores and manages consumers' confidential information (Bosetti, 2018). The RFID system should allow data sharing and data collection limitations to ease the consumers' minds to make the RFID system more appealing. Privacy policy needs to be in place before the RFID system can determine the appropriate security measures to get implemented.

Security and Privacy Training Programs

It is essential for all operators in the RFID system to actively participate in security and training programs before conducting operations on the network (Bosetti, 2018). Some of these risks are mitigated when the personnel are aware of the risks and consequences. Furthermore, the training program needs to cover the RFID privacy policy and equip the operators with requisite skills to correctly use the system and enact appropriate security measures (Crown et al., 2018).

Conclusion

Conclusively, RFID technologies consist of many sub-grouping with exclusive abilities and capabilities to keep track of people, objects, and service provision required to manage the large events. Furthermore, the RFID system can also be used for various purposes and is regarded as a valuable tool for managing events. This will also give room for Padgett- Beale to streamline its operations by providing a convenient purchasing power, increasing the present social media platforms, and offering reporting tools that provide a complete data and analytics application. This new technology comes with many risks that need to be addressed by following the NIST guidelines for securing the RFID systems. This will give room for the latest technology to reach its full potential.

References

Bernatik, A., Huang, C., & Salvi, O. (Eds.). (, 2017). Risk Analysis and Management-Trends, Challenges and Emerging Issues: Proceedings of the 6th International Conference on Risk Analysis and Crisis Response (RACR 2017), June 5-9, 2017, Ostrava, Czech Republic. CRC Press.

Bosetti, L. (2018). Web-based integrated CSR reporting: An empirical analysis. Symphony. Emerging Issues in Management, (1), 18-38.

Crown, W., Buyukkaramikli, N., Sir, M. Y., Thokala, P., Morton, A., Marshall, D. A., ... & Pasupathy, K. S. (2018). Application of constrained optimization methods in health services research: report 2 of the ISPOR Optimization Methods Emerging Good Practices Task Force. Value in health, 21(9), 1019-1028.

Fonseca, A., Ganho-Ávila, A., Lambregtse-van den Berg, M., Locatelli, A., de la Fé Rodriguez-Muñoz, M., Ferreira, P., ... & Bina, R. (2020). Emerging issues and questions on peripartum depression prevention, diagnosis and treatment: A consensus report from the COST Action RISEUP-PPD. Journal of Affective Disorders.

Haseeb, M. (2018). Emerging issues in Islamic banking & finance: Challenges and Solutions. Academy of Accounting and Financial Studies Journal, 22, 1-5.