Information security
( Feedback on Your Choices in Vampire Legends: A Role-Playing Simulation on Ethics, Privacy, and Security in the Multiplayer Online Game Business )
Name:
1. Budget Allocation Poll
Points: 5 out of 5
Select the allocation strategy you prefer and click submit.
|
Allocations, in millions |
||||
|
Expense Category |
Strategy A |
Strategy B |
Strategy C |
|
|
1. Marketing Campaign, Ancient Age of Vampires |
$6 |
$3 |
$4 |
|
|
2. IT Expenses |
$1 |
$3 |
$2 |
|
|
3. Digital Rights Management (DRM) |
$2 |
$2 |
$2 |
|
|
4. Salary Increases |
$1 |
$2 |
$2 |
|
|
Total |
$10 |
$10 |
$10 |
|
A B C
Choose an allocation strategy:
You chose Strategy B.
Strategy A maximizes funds spent on marketing at the expense of IT and salaries. Strategy B maximizes funds spent or IT and salaries, making it possible to implement improved security measures, and also raise salaries to reduce turnover. Strategy C is a compromise between those two approaches. Strategy B is the best choice from the standpoint of security and ethics, and earns the highest number of points for this simulation. Companies have a responsibility to protect their customer's data. Strategy A ignores the problems, and earns 0 points. Strategy C earns partial credit.
2. Advertising Allocation Poll
Points: 5 out of 5
Select the advertising campaign approach you think is best:
1. Testimonial from Robert Pattinson (vampire from The Twilight Saga)
2. Leaking information to bloggers about which celebrities are playing
3. 30 day free trial
You chose 3, which is an excellent choice. It was also a good decision on your part to NOT choose #2, which would violate your customers' privacy.
3. Phishing Scam
Points: 0 out of 5
The email that appeared to come from D&L Bank was a simulated phishing scam. The link provided in such emails often takes the victim to a fraudulent website that appears legitimate, so that the criminals can obtain the victim's login credentials or other personal information.
You entered the login information that Jama provided, thereby giving away your account information to the criminals.
4. Break-In Issues
Points: 20 out of 20
Your point totals are shown below. Organizations must respond quickly to a large data breach like this one, informing all the affected people, the company's stakeholders, and the police. Because information like this goes viral on social media, it is not feasible to try to contain it. Instead, company executives should take full responsibility for the breach, assure customers that they have taken measures to protect the data going forward, and that they will do what is needed to make amends.
|
|
Your Choice |
Correct Choice |
Points Earned |
|
1. Inform customers that their data has been breached. |
Agree |
Agree |
2 |
|
2. Inform the Board of Directors about the break-in. |
Agree |
Agree |
2 |
|
3. Delay letting customers know until we know who hacked in. |
Disagree |
Disagree |
2 |
|
4. Prompt customers to change their passwords. |
Agree |
Agree |
2 |
|
5. Do not alert the police because it may be an inside job. |
Disagree |
Disagree |
2 |
|
6. Issue a press release about the break in now. |
Agree |
Agree |
2 |
|
7. Report break in to the police immediately. |
Agree |
Agree |
2 |
|
8. Take the games down until the encryption project is done. |
Agree |
Agree |
2 |
|
9. Offer affected customers 1 year free identity protection. |
Agree |
Agree |
2 |
|
10. Don't do anything until we know who DragonFly is. |
Disagree |
Disagree |
2 |
Total Points for Scored Choices
You received 30 out of 35 points, or 86%.
Discussion Questions
1. Describe the main ethical and security issues that the Digital Artists executive team confronted.
( Responsible decision-making, accountability )
2. During the budget discussion, what arguments would you have used to persuade the team that more funding is needed for information security?
( Responsible decision-making: Executive team agreed to come clean with the customers and the board members by revealing about the truth. Accountability: Executive team decided to take the games down until the encryption project is completed. Though it effect the incoming revenue. )
3. Why is it important for a company to inform their customers when a data breach such as this occurs? What risks does the company assume if the leadership decides not to disclose the information?
( Privacy and confidentiality of customer data are very important for any organization. In my opinion the board took all the decisions that balances the natural laws and rights as well as utilitarian ethics. )
4. If you were constructing a risk matrix for yourself as a student, which would be your top three vulnerabilities and why?
( It is important to inform the customers whenever the data breach happens. When the Sony PS data breach happened in the year 2011, the company delayed one week to inform everyone about the breach and it turned out as a costly mistake for Sony. If the leadership decides not to disclose the information, it is not the right move as per many laws. More than the law, the organization will lose the credibility among customers and it will give more time to the intruder s to misuse the information they have stolen. )