Scenario
The Entertainment
Team (ET — part of Resort Operations at Padgett-Beale, Inc.) is excited about
a new event management platform and is ready to go to contract with the vendor.
This platform is a cloud-based service that provides end-to-end management for
events (conferences, concerts, festivals). The head of Marketing & Media
(M&M) is on board and strongly supports the use of this system. M&M
believes that the data collection and analysis capabilities of the system will
prove extremely valuable for its efforts. Resort Operations (RO) also believes
that the technology could be leveraged to provide additional capabilities for
managing participation in hotel sponsored “kids programs” and related
children-only events.
For an additional fee, the event
management platform’s vendor will provide customized RFID bands to be worn by
attendees.
The RFID bands and RFID readers use
near-field communications to identify the wearer and complete the desired
transactions (e.g. record a booth visit, make a purchase, vote for a favorite
activity or performer, etc.).
The RFID bands have unique identifiers
embedded in the band that allow tracking of attendees (admittance, where they
go within the venue, what they “like,” how long they stay in a given
location, etc.).
The RFID bands can also be connected to an
attendee’s credit card or debit card account and then used by the attendee to
make purchases for food, beverages, and souvenirs.
For children, the RFID bands can be paired
with a parent’s band, loaded with allergy information, and have a parent
specified spending limit or spending preauthorization tied to the parent’s credit
card account.
The head of
Corporate IT has tentatively given approval for this outsourcing because it
leverages cloud-computing capabilities.
IT’s approval is very important to
supporters of this acquisition because of the company’s ban on “Shadow
IT.” (Only Corporate IT is allowed to issue contracts for information
technology related purchases, acquisitions, and outsourcing contracts.)
Corporate IT also supports a cloud-based platform since this reduces the amount
of infrastructure which IT must support and manage directly.
The project
has come to a screeching halt, however, due to an objection by the Chief
Financial Officer. The CFO has asked that the IT Governance Board investigate
this project and obtain more information about the benefits and risks of using
RFID bands linked to an external system which processes transactions and
authorizations of mobile / cashless payments for goods and services. The CFO is
concerned that the company’s PCI Compliance status may be adversely affected.
The IT
Governance Board agreed that the concerns expressed by two of its members (the
CFO and CPO) have merit. The board has requested an unbiased analysis of the
proposed use cases and the security and privacy issues which could be
reasonably expected to arise.
The IT Governance
Board has also agreed to a request from the Chief of Staff that the management
interns be allowed to participate in this analysis as their final project. Per
the agreement, their involvement will be limited to providing background
research into the defined use cases for cashless purchases. These use cases
are:
1. Purchases for craft materials and snacks by children
(under the age of 13) attending a hotel sponsored “kids club” program.
2. Purchases by individuals attending a music
festival or other event where IDs must be checked to establish proof of age
(legal requirement for local alcoholic beverage consumption).
3. Purchases by attendees at trade shows (attendees
are “adults”).
Your Task
Pick one of the three use cases listed above. Then, follow
the directions below to complete the required research and write your final
report.
Research
1. Read / Review the readings in the LEO classroom.
2. Read this introduction to RFID technologies: https://www.gettoken.com/beginners-guide-rfid-technology-events/
3. Research one or more of the Use Cases
a. Children: 8 Benefits of Using RFID Wristbands
for Resorts & Attractions (see section 4: Family Freedom) https://www.idcband.com/en-us/blog-us/8-benefits-of-using-rfid-wristbands-resorts-attractions/
and https://tappit.com/resources/blog/rfid-wristband-safety
b. Managing Adult Attendees at Music Festivals
(includes RFID bands linked to Twitter, Facebook, and credit/debit card) http://www.techradar.com/news/world-of-tech/rfid-wristbands-vs-nfc-smartphones-what-s-winning-the-contactless-battle-1167135
c. Tracking Adults at Trade Shows https://blog.printsome.com/rfid-wristbands-good-bad/
4. Choose one of the Use Cases then find and
review at least one additional resource on your own that provides information
about privacy and security related laws that could limit or impose additional
responsibilities upon Padgett-Beale’s collection, storage, transmission, and
use of data about guests. (Note: laws may differ with respect to collecting
data from or about children.) You should also investigate laws, regulations, or
standards which impact the use of the RFID bands for mobile purchases.
5. Using all of your readings, identify and research at least 5 security and privacy
issues which the IT Governance Board needs to consider and address as it
considers the implications of your chosen use case upon the adoption or
rejection of the proposed IT project (Event Management Platform & RFID
bands).
6. Then, identify 5 best practices that you can recommend to Padgett-Beale’s leadership
team to reduce and/or manage risks associated with the security and privacy of
data associated with the event management platform.
Write a five to seven
(5-7) page report using your research. At a minimum, your report must include
the following:
1. An introduction or overview of event management systems and the potential security
and privacy concerns which could arise when implementing this technology. This introduction should be suitable for an
executive audience. Provide a brief explanation as to why three major operating
units believe the company needs this capability.
2. An analysis section in which you address the following:
a. Identify and describe your chosen Use Case
b. Identify and describe five or more types of personal / private information or data that
will be collected, stored, processed, and transmitted in conjunction with the
use case.
c. Identify and describe five or more compliance issues related to the use of the RFID
bands to make and track mobile purchases.
d. Analyze and discuss five or more privacy and security issues related to the use case.
e. Identify and discuss 3 or more relevant laws,
regulations, or standards which could impact the planned implementation of the
event management system with RFID wrist bands.
3. A recommendations section in which you identify
and discuss five or more best practices for security and privacy that should be
implemented before the technology is put into use by the company. Include at
least one recommendation in each of the following categories: people,
processes, policies, and technologies.
4. A closing section (summary) in which you summarize
the issues related to your chosen use case and the event management platform
overall. Include a summary of your recommendations to the IT Governance Board.
Submit for Grading
Submit your research paper in MS Word format (.docx or
.doc file) using the Research Report #2 Assignment in your assignment folder.
(Attach your file to the assignment entry.)
Additional Information
1. To save you time, a set of appropriate resources / reference materials has been
included as part of this assignment. You must incorporate at least five of
these resources into your final deliverable. You must also include one resource
that you found on your own.
2. Your research report should use standard terms and definitions for cybersecurity.
3. Your research report should be professional in appearance with consistent use of
fonts, font sizes, margins, etc. You should use headings to organize your
paper. The CSIA program recommends that you follow standard APA formatting
since this will give you a document that meets the “professional appearance”
requirements. APA formatting guidelines and examples are found under Course
Resources > APA Resources. An APA template file (MS Word format) has also
been provided for your use.
4. You are expected to write grammatically correct English in every assignment that
you submit for grading. Do not turn in any work without (a) using spell check,
(b) using grammar check, (c) verifying that your punctuation is correct and (d)
reviewing your work for correct word usage and correctly structured sentences
and paragraphs.
5. You are expected to credit your sources using in-text citations and reference list
entries. Both your citations and your reference list entries must follow a
consistent citation style (APA, MLA, etc.).