Information security

profileSHAN10
Vampire_Legends_Simulation_Feedback-converted.docx

( Feedback on Your Choices in Vampire Legends: A Role-Playing Simulation on Ethics, Privacy, and Security in the Multiplayer Online Game Business )

Name:

1. Budget Allocation Poll

Points: 5 out of 5

Select the allocation strategy you prefer and click submit.

Allocations, in millions

Expense Category

Strategy A

Strategy B

Strategy C

1. Marketing Campaign, Ancient Age of Vampires

$6

$3

$4

2. IT Expenses

$1

$3

$2

3. Digital Rights Management (DRM)

$2

$2

$2

4. Salary Increases

$1

$2

$2

Total

$10

$10

$10

A B C

Choose an allocation strategy:

You chose Strategy B.

Strategy A maximizes funds spent on marketing at the expense of IT and salaries. Strategy B maximizes funds spent or IT and salaries, making it possible to implement improved security measures, and also raise salaries to reduce turnover. Strategy C is a compromise between those two approaches. Strategy B is the best choice from the standpoint of security and ethics, and earns the highest number of points for this simulation. Companies have a responsibility to protect their customer's data. Strategy A ignores the problems, and earns 0 points. Strategy C earns partial credit.

2. Advertising Allocation Poll

Points: 5 out of 5

Select the advertising campaign approach you think is best:

1. Testimonial from Robert Pattinson (vampire from The Twilight Saga)

2. Leaking information to bloggers about which celebrities are playing

3. 30 day free trial

You chose 3, which is an excellent choice. It was also a good decision on your part to NOT choose #2, which would violate your customers' privacy.

3. Phishing Scam

Points: 0 out of 5

The email that appeared to come from D&L Bank was a simulated phishing scam. The link provided in such emails often takes the victim to a fraudulent website that appears legitimate, so that the criminals can obtain the victim's login credentials or other personal information.

You entered the login information that Jama provided, thereby giving away your account information to the criminals.

4. Break-In Issues

Points: 20 out of 20

Your point totals are shown below. Organizations must respond quickly to a large data breach like this one, informing all the affected people, the company's stakeholders, and the police. Because information like this goes viral on social media, it is not feasible to try to contain it. Instead, company executives should take full responsibility for the breach, assure customers that they have taken measures to protect the data going forward, and that they will do what is needed to make amends.

Your Choice

Correct Choice

Points Earned

1. Inform customers that their data has been breached.

Agree

Agree

2

2. Inform the Board of Directors about the break-in.

Agree

Agree

2

3. Delay letting customers know until we know who hacked in.

Disagree

Disagree

2

4. Prompt customers to change their passwords.

Agree

Agree

2

5. Do not alert the police because it may be an inside job.

Disagree

Disagree

2

6. Issue a press release about the break in now.

Agree

Agree

2

7. Report break in to the police immediately.

Agree

Agree

2

8. Take the games down until the encryption project is done.

Agree

Agree

2

9. Offer affected customers 1 year free identity protection.

Agree

Agree

2

10. Don't do anything until we know who DragonFly is.

Disagree

Disagree

2

Total Points for Scored Choices

You received 30 out of 35 points, or 86%.

Discussion Questions

1. Describe the main ethical and security issues that the Digital Artists executive team confronted.

( Responsible decision-making, accountability )

2. During the budget discussion, what arguments would you have used to persuade the team that more funding is needed for information security?

( Responsible decision-making: Executive team agreed to come clean with the customers and the board members by revealing about the truth. Accountability: Executive team decided to take the games down until the encryption project is completed. Though it effect the incoming revenue. )

3. Why is it important for a company to inform their customers when a data breach such as this occurs? What risks does the company assume if the leadership decides not to disclose the information?

( Privacy and confidentiality of customer data are very important for any organization. In my opinion the board took all the decisions that balances the natural laws and rights as well as utilitarian ethics. )

4. If you were constructing a risk matrix for yourself as a student, which would be your top three vulnerabilities and why?

( It is important to inform the customers whenever the data breach happens. When the Sony PS data breach happened in the year 2011, the company delayed one week to inform everyone about the breach and it turned out as a costly mistake for Sony. If the leadership decides not to disclose the information, it is not the right move as per many laws. More than the law, the organization will lose the credibility among customers and it will give more time to the intruder s to misuse the information they have stolen. )