Scenario
The Entertainment Team (ET — part of Resort Operations
at Padgett-Beale, Inc.) is excited about a new event management platform and is
ready to go to contract with the vendor. This platform is a cloud-based service
that provides end-to-end management for events (conferences, concerts,
festivals). The head of Marketing & Media (M&M) is on board and
strongly supports the use of this system. M&M believes that the data
collection and analysis capabilities of the system will prove extremely valuable
for its efforts. Resort Operations (RO) also believes that the technology could
be leveraged to provide additional capabilities for managing participation in
hotel sponsored “kids programs” and related children-only events.
The arm of a hotel guest wearing an RFID band while
sitting poolside
For an additional fee, the event management platform’s
vendor will provide customized Radio Frequency Identification (RFID) bands to
be worn by attendees.
The RFID bands and RFID readers use near-field
communications to identify the wearer and complete the desired transactions
(e.g. record a booth visit, make a purchase, vote for a favorite activity or
performer, etc.).
The RFID bands have unique identifiers embedded in the
band that allow tracking of attendees (admittance, where they go within the
venue, what they “like,” how long they stay in a given location,
etc.).
The RFID bands can also be connected to an attendee’s
credit card or debit card account and then used by the attendee to make
purchases for food, beverages, and souvenirs.
For children, the RFID bands can be paired with a
parent’s band, loaded with allergy information, and have a parent specified
spending limit or spending preauthorization tied to the parent’s credit card
account.
The head of Corporate IT has tentatively given approval
for this outsourcing because it leverages cloud-computing capabilities. IT’s
approval is very important to supporters of this the acquisition because of the
company’s ban on “Shadow IT.” (Only Corporate IT is allowed to issue
contracts for information technology related purchases, acquisitions, and
outsourcing contracts.) Corporate IT also supports a cloud-based platform since
this reduces the amount of infrastructure which IT must support and manage directly.
The project has come to a screeching halt, however, due
to an objection by the Chief Financial Officer. The CFO has asked that the IT
Governance Board investigate this project and obtain more information about the
benefits and risks of using RFID bands linked to an external system which
processes transactions and authorizations of mobile / cashless payments for
goods and services. The CFO is concerned that the company’s PCI Compliance
status may be adversely affected.
The Chief Privacy Officer has also expressed an objection
about this project. The CPO is concerned about the privacy implications of
tracking both movement of individuals and the tracking of their purchasing
behaviors.
The IT Governance Board agreed that the concerns
expressed by two of its members (the CFO and CPO) have merit. The board has
requested an unbiased analysis of the proposed use cases and the security and
privacy issues which could be reasonably expected to arise.
The IT Governance Board has also agreed to a request from
the Chief of Staff that the management interns be allowed to participate in
this analysis as their final project. Per the agreement, their involvement will
be limited to providing background research into the defined use cases for
cashless purchases.
Case:
Task
Purchases for craft
materials and snacks by children (under the age of 13) attending a hotel
sponsored “kids club” program.
Research one or more of the Use Cases
E. (2024, June 17). What benefits of RFID wristbands for
hotels, resorts & theme parks? RFIDSilicone. Retrieved June 17, 2024, from https://www.rfidsilicone.com/blog/industry-news/what-benefits-of-rfid-wristbands-for-hotels-resorts-theme-parks.html
(see section 4: Family Freedom)
Zougar, Y. (2018, July 27). An introduction to RFID.
INFOSEC. Retrieved June 13, 2024, from https://www.infosecinstitute.com/resources/general-security/an-introduction-to-rfid/#:~:text=RFID%20stands%20for%20Radio%20Frequency,order%20to%20transmit%20and%20receive
A. W. (2019, June 15). TAPPIT LAUNCHES NEW RFID WRISTBAND
SAFETY FUNCTIONALITY. TAPPIT. Retrieved June 17, 2024, from https://tappit.com/resources/blog/rfid-wristband-safety
4. Find and review at least two additional
resources on your own that provides information about privacy and security
related laws that could limit or impose additional responsibilities upon
Padgett-Beale’s collection, storage, transmission, and use of data about
guests. (Note: laws may differ with respect to collecting data from or about
children.) You should also investigate laws, regulations, or standards which
impact the use of the RFID bands for mobile purchases.
5. Using all of your readings, identify and
research at least 7 security and privacy issues which the IT Governance Board
needs to consider and address as it considers the implications of your chosen
use case upon the adoption or rejection of the proposed IT project (Event
Management Platform & RFID bands).
6. Then, identify 7 best practices that you can
recommend to Padgett-Beale’s leadership team to reduce and/or manage risks
associated with the security and privacy of data associated with the event
management platform.
Write
Write a five to seven (5-7) page report using your research.
At a minimum, your report must include the following:
An introduction or overview of event management systems and
the potential security and privacy concerns which could arise when implementing
this technology. This introduction
should be suitable for an executive audience. Provide a brief explanation as to
why three major operating units believe the company needs this capability.
An analysis section in which you address the following:
Identify and describe your chosen Use Case
·
Identify and describe 7 or more types of
personal / private information or data that will be collected, stored,
processed, and transmitted in conjunction with the use case.
·
Identify and describe 5 or more compliance
issues related to the use of the RFID bands to make and track mobile purchases.
·
Analyze and discuss 7 or more privacy and
security issues related to the use case.
·
Identify and discuss 3 or more relevant laws,
regulations, or standards which could impact the planned implementation of the
event management system with RFID wrist bands.
A recommendations section in which you
identify and discuss 8 or more best practices for security and privacy that
should be implemented before the technology is put into use by the company.
Include at least 2 recommendations in each of the following categories: people,
processes, policies, and technologies.
A closing section (summary) in which you summarize
the issues related to your chosen use case and the event management platform
overall. Include a summary of your recommendations to the IT Governance Board.
Must incorporate at least 5 of these resources into
your final deliverable. You must also include 2 resources that you found on
your own.
Research report should use standard terms and definitions
for cybersecurity.
References
GOV, U. (n.d.). Protecting Intellectual Property in the
United States: A Guide for Small and Medium-Sized Enterprises in the United
Kingdom. STOPfakes:Uspto.gov. Retrieved June 9, 2024, from https://www.uspto.gov/sites/default/files/documents/UK-SME-IP-Toolkit_FINAL.pdf
Alto, P. (n.d.). What is an Exploit Kit? Palo Alto.
Retrieved June 9, 2024, from https://www.uspto.gov/sites/default/files/documents/UK-SME-IP-Toolkit_FINAL.pdf
Z. (n.d.). Anatomy of APT: Advanced Persistent Threat
Guide. Zenarmor. Retrieved June 9, 2024, from https://www.zenarmor.com/docs/network-security-tutorials/what-is-advanced-persistent-threat-apt
Limacher, M.,
& Fauconnet, L. (n.d.). The Legal and Ethical Guardrails for Sound
Competitive Intelligence. Pragmatic Institute. Retrieved June 13, 2024, from https://www.pragmaticinstitute.com/resources/articles/product/the-legal-and-ethical-guardrails-for-sound-competitive-intelligence/
Radar, C. (n.d.). The Legal and Ethical Guardrails for
Sound Competitive Intelligence. CI Radar. Retrieved June 13, 2024, from https://ciradar.com/competitive-intelligence-blog/insights/2017/12/22/the-ethics-of-competitive-intelligence-where-uber-crossed-the-line
Zougar, Y. (2018, July 27). An
introduction to RFID. INFOSEC. Retrieved June 13, 2024, from https://www.infosecinstitute.com/resources/general-security/an-introduction-to-rfid/#:~:text=RFID%20stands%20for%20Radio%20Frequency,order%20to%20transmit%20and%20receive
Awati, R. (2022, June 12). Segregation of duties (SoD).
WHATIs. Retrieved June 13, 2024, from https://www.techtarget.com/whatis/definition/segregation-of-duties-SoD
Counsel, U. (2022, October 27). Intellectual Theft:
Everything You Need to Know. UpCounsel. Retrieved June 9, 2024, from https://www.uspto.gov/sites/default/files/documents/UK-SME-IP-Toolkit_FINAL.pdf
Miller, M. (2023, June 13). What Is Least Privilege &
Why Do You Need It? BeyondTrust. Retrieved June 13, 2024, from https://www.beyondtrust.com/blog/entry/what-is-least-privilege
S. (2023, June 27). Data Exfiltration: Prevention, Risks
& Best Practices. Splunk’. Retrieved June 9, 2024, from https://www.splunk.com/en_us/blog/learn/data-exfiltration.html
M. D. (2023, August 31). An IP Guide for the Corporate
Legal Practitioner: IP Theft and the Major Threats to Your Client’s IP.
DILWORTH. Retrieved June 13, 2024, from https://www.dilworthip.com/resources/news/threats-to-intellectual-property/
A. W. (2023, October 3). The Top 3 Cyber Attack Vectors.
ARTICWOLF. Retrieved June 9, 2024, from https://arcticwolf.com/resources/blog/top-five-cyberattack-vectors/
Scenario The Entertainment Team (ET — part of Resort Operations at Padgett-Bea
Struggling With a Similar Paper? Get Reliable Help Now.
Delivered on time. Plagiarism-free. Good Grades.
What is this?
It’s a homework service designed by a team of 23 writers based in Carlsbad, CA with one specific goal – to help students just like you complete their assignments on time and get good grades!
Why do you do it?
Because getting a degree is hard these days! With many students being forced to juggle between demanding careers, family life and a rigorous academic schedule. Having a helping hand from time to time goes a long way in making sure you get to the finish line with your sanity intact!
How does it work?
You have an assignment you need help with. Instead of struggling on this alone, you give us your assignment instructions, we select a team of 2 writers to work on your paper, after it’s done we send it to you via email.
What kind of writer will work on my paper?
Our support team will assign your paper to a team of 2 writers with a background in your degree – For example, if you have a nursing paper we will select a team with a nursing background. The main writer will handle the research and writing part while the second writer will proof the paper for grammar, formatting & referencing mistakes if any.
Our team is comprised of native English speakers working exclusively from the United States.
Will the paper be original?
Yes! It will be just as if you wrote the paper yourself! Completely original, written from your scratch following your specific instructions.
Is it free?
No, it’s a paid service. You pay for someone to work on your assignment for you.
Is it legit? Can I trust you?
Completely legit, backed by an iron-clad money back guarantee. We’ve been doing this since 2007 – helping students like you get through college.
Will you deliver it on time?
Absolutely! We understand you have a really tight deadline and you need this delivered a few hours before your deadline so you can look at it before turning it in.
Can you get me a good grade? It’s my final project and I need a good grade.
Yes! We only pick projects where we are sure we’ll deliver good grades.
What do you need to get started on my paper?
* The full assignment instructions as they appear on your school account.
* If a Grading Rubric is present, make sure to attach it.
* Include any special announcements or emails you might have gotten from your Professor pertaining to this assignment.
* Any templates or additional files required to complete the assignment.
How do I place an order?
You can do so through our custom order page here or you can talk to our live chat team and they’ll guide you on how to do this.
How will I receive my paper?
We will send it to your email. Please make sure to provide us with your best email – we’ll be using this to communicate to you throughout the whole process.
Getting Your Paper Today is as Simple as ABC
No more missed deadlines! No more late points deductions!
You give us your assignments instructions via email or through our order page.
Our support team selects a qualified writing team of 2 writers for you.
In under 5 minutes after you place your order, research & writing begins.
Complete paper is delivered to your email before your deadline is up.
Want A Good Grade?
Get a professional writer who has worked on a similar assignment to do this paper for you