Research Report #2 - Emerging Issues Risk Analysis v3
CSIA 300: Cybersecurity for Leaders and Managers
Research Report #2: Emerging Issues Analysis and Report
Scenario
The Entertainment Team (ET -- part of Resort Operations at Padgett-Beale, Inc.) is excited about a new
event management platform and is ready to go to contract with the vendor. This platform is a
cloud-based service that provides end-to-end management for events (conferences, concerts, festivals).
The head of Marketing & Media (M&M) is on board and strongly supports the use of this system. M&M
believes that the data collection and analysis capabilities of the system will prove extremely valuable for
its efforts. Resort Operations (RO) also believes that the technology could be leveraged to provide
additional capabilities for managing participation in hotel sponsored “kids programs” and related
children-only events. Several other high level managers have expressed concerns however, about one of
the capabilities that ET, M&M, and RO are most excited about – customizable RFID wrist bands for
managing and tracking attendees.
For an additional fee, the event management platform's vendor will provide customized RFID bands to
be worn by attendees. These bands have unique identifiers embedded in the band that
allow tracking of attendees (admittance, where they go within the venue, what they
"like," how long they stay in a given location, etc.). The RFID bands can also be
connected to an attendee's credit card or debit card account and then used by the
attendee to make purchases for food, beverages, and souvenirs.
The head of Corporate IT has tentatively given approval for this outsourcing because it leverages
cloud-computing capabilities. IT's approval is very important to supporters of this the acquisition
because of the company's ban on "Shadow IT." (Only Corporate IT is allowed to issue contracts for
information technology related purchases, acquisitions, and outsourcing contracts.) Corporate IT also
supports a cloud-based platform since this reduces the amount of infrastructure which IT must support
and manage directly.
The project has come to a screeching halt, however, due to a request by the Chief Privacy Officer for
more information about the benefits of the RFID system and potential privacy issues. Once more, the
management interns have been tapped to help out with a research project. The CPO expects and
requires an unbiased analysis of the proposed use cases and the security and privacy issues which could
be reasonably expected to arise. The defined use cases are:
1. Children (under the age of 13) attending a hotel sponsored “kids club” program.
2. Individuals attending a music festival or other event where IDs must be checked to establish
proof of age (legal requirement for local alcoholic beverage consumption).
3. Attendee management for trade shows
1
Copyright ©2019 by University of Maryland University College. All Rights Reserved
CSIA 300: Cybersecurity for Leaders and Managers
Research
1. Read / Review the readings in the LEO classroom.
2. Read this introduction to RFID technologies: http://www.rfidjournal.com/articles/view?1337 3. Next, read the following descriptions and reviews of event management platforms
a. http://rfid4u.com/wp-content/uploads/2015/12/Event-Management-Case-Study.pdf
b. http://www.capterra.com/event-management-software/ c. http://www.cvent.com/en/event-management-software/# (Ignore the “sign-up” box …
Scroll down to subheadings to find the links to additional web pages)
4. Research one or more of the Use Cases
a. Tracking Children in Entertainment Parks and Kids Club Programs
http://www.rfidjournal.com/blogs/experts/entry?11573 and http://disneycruiselineblog.com/2013/11/all-new-youth-activities-oceaneer-bands-repl
acing-mickey-bands/
b. Managing Adult Attendees at Music Festivals (includes RFID bands linked to twitter,
Facebook, and credit/debit card) http://musicfestivalsrfid.com/ and http://www.techradar.com/news/world-of-tech/rfid-wristbands-vs-nfc-smartphones-w
hat-s-winning-the-contactless-battle-1167135
c. Tracking Adults at Trade Shows
http://www.universalrfid.com/product/rfid-labels-provide-technology-at-trade-shows/
and https://blog.printsome.com/rfid-wristbands-good-bad/ 5. Choose one of the Use Cases then find and review at least one additional resource on your own
that provides information about privacy and security related laws that could limit or impose
additional responsibilities upon Padgett-Beale’s collection, storage, transmission, and use of
data about guests. (Note: laws may differ with respect to collecting data from or about children.)
6. Using all of your readings, identify at least 5 security and privacy issues which the Chief Privacy
Officer needs to consider and address with the Padgett-Beale leadership team as it considers the
implications of your chosen use case.
7. Then, identify 5 best practices that you can recommend to Padgett-Beale’s leadership team to
reduce and/or manage risks associated with the security and privacy of data associated with the
event management platform.
Write
Write a three to five page report using your research. At a minimum, your report must include the
following:
1. An introduction or overview of event management systems and the potential security and privacy
concerns which could arise when implementing this technology. This introduction should be
2
Copyright ©2019 by University of Maryland University College. All Rights Reserved
CSIA 300: Cybersecurity for Leaders and Managers
suitable for an executive audience. Provide a brief explanation as to why three major operating units
believe the company needs this capability.
2. An analysis section in which you address the following:
a. Identify and describe your chosen Use Case
b. Identify and describe five or more types of personal / private information or data
that will be collected, stored, processed, and transmitted in conjunction with the
use case.
c. Analyze and discuss five or more privacy and security issues related to the use case.
d. Identify and discuss 3 or more relevant laws which could impact the planned
implementation of the event management system with RFID wrist bands.
3. A recommendations section in which you identify and discuss five or more best practices for security
and privacy that should be implemented before the technology is put into use by the company.
Include at least one recommendation in each of the following categories: people, processes,
policies, and technologies.
4. A closing section (summary) in which you summarize the issues related to your chosen use case and
the event management platform overall. Include a summary of your recommendations to
Padgett-Beale leadership.
Submit For Grading
Submit your research paper in MS Word format (.docx or .doc file) using the Research Report #1
Assignment in your assignment folder. (Attach your file to the assignment entry.)
Additional Information
1. To save you time, a set of appropriate resources / reference materials has been included as part of
this assignment. You must incorporate at least five of these resources into your final deliverable. You
must also include one resource that you found on your own.
2. Your research report should use standard terms and definitions for cybersecurity. See Course
Content > Cybersecurity Concepts for recommended resources.
3. Your research report should be professional in appearance with consistent use of fonts, font sizes,
margins, etc. You should use headings to organize your paper. The CSIA program recommends that
you follow standard APA formatting since this will give you a document that meets the “professional
appearance” requirements. APA formatting guidelines and examples are found under Course
Resources > APA Resources. An APA template file (MS Word format) has also been provided for your
use.
4. You are expected to write grammatically correct English in every assignment that you submit for
grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying
3
Copyright ©2019 by University of Maryland University College. All Rights Reserved
CSIA 300: Cybersecurity for Leaders and Managers
that your punctuation is correct and (d) reviewing your work for correct word usage and correctly
structured sentences and paragraphs.
5. You are expected to credit your sources using in-text citations and reference list entries. Both your
citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).
4
Copyright ©2019 by University of Maryland University College. All Rights Reserved