Help with research paper

Description

Research Report #2: Emerging Issues Analysis and Report

Scenario

The Entertainment Team (ET -- part of Resort Operations at Padgett-Beale, Inc.) is excited about a new event management platform and is ready to go to contract with the vendor. This platform is a cloud-based service that provides end-to-end management for events (conferences, concerts, festivals). The head of Marketing & Media (M&M) is on board and strongly supports the use of this system. M&M believes that the data collection and analysis capabilities of the system will prove extremely valuable for its efforts. Resort Operations (RO) also believes that the technology could be leveraged to provide additional capabilities for managing participation in hotel-sponsored “kids programs” and related children-only events. Several other high-level managers have expressed concerns, however, about one of the capabilities that ET, M&M, and RO are most excited about – customizable RFID wrist bands for managing and tracking attendees.

For an additional fee, the event management platform's vendor will provide customized RFID bands to be worn by attendees. These bands have unique identifiers embedded in the band that allow tracking of attendees (admittance, where they go within the venue, what they "like," how long they stay in a given location, etc.). The RFID bands can also be connected to an attendee's credit card or debit card account and then used by the attendee to make purchases for food, beverages, and souvenirs.

The head of Corporate IT has tentatively given approval for this outsourcing because it leverages cloud-computing capabilities. IT's approval is very important to supporters of this acquisition because of the company's ban on "Shadow IT." (Only Corporate IT is allowed to issue contracts for information technology related purchases, acquisitions, and outsourcing contracts.) Corporate IT also supports a cloud-based platform since this reduces the amount of infrastructure which IT must support and manage directly.

The project has come to a screeching halt, however, due to a request by the Chief Privacy Officer for more information about the benefits of the RFID system and potential privacy issues. Once more, the management interns have been tapped to help out with a research project. The CPO expects and requires an unbiased analysis of the proposed use cases and the security and privacy issues which could be reasonably expected to arise. The defined use cases are:

  • Children (under the age of 13) attending a hotel sponsored “kids club” program.
  • Individuals attending a music festival or other event where IDs must be checked to establish proof of age (legal requirement for local alcoholic beverage consumption).
  • Attendee management for trade shows

Research

Write

Write a three to five page report using your research. At a minimum, your report must include the following:

1. An introduction or overview of event management systems and the potential security and privacy concerns which could arise when implementing this technology. This introduction should be suitable for an executive audience. Provide a brief explanation as to why three major operating units believe the company needs this capability.

2. An analysis section in which you address the following:

  • A recommendations section in which you identify and discuss five or more best practices for security and privacy that should be implemented before the technology is put into use by the company. Include at least one recommendation in each of the following categories: people, processes, policies, and technologies.
  • A closing section (summary) in which you summarize the issues related to your chosen use case and the event management platform overall. Include a summary of your recommendations to Padgett-Beale leadership.

Submit For Grading

Submit your research paper in MS Word format (.docx or .doc file) using the Research Report #1 Assignment in your assignment folder. (Attach your file to the assignment entry.)

Additional Information

  • To save you time, a set of appropriate resources / reference materials has been included as part of this assignment. You must incorporate at least five of these resources into your final deliverable. You must also include one resource that you found on your own.
  • Your research report should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts for recommended resources.

3. Your research report should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings to organize your paper. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use.

4. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.

5. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).

Unformatted Attachment Preview

Running Head: EXTORTION ON THE JOB

Extortion on the Job
Valorie J. King, PhD
August 16, 2017 (originally published April 2, 2014)

Introduction

Writing as Anonymous (2003), the Chief Information Security Officer (CISO) of a major United States (US) corporation told a chilling tale of email based extortion attempts against employees who had received extortion threats via email sent to their corporate email addresses. The corporation, its managers, and the individual employees who were targeted faced a number of issues and dilemmas as they responded to the security incident caused by the extortion attempts. In the following analysis, one issue–the enforcement of acceptable use policies–is discussed and critiqued.

Analysis

The Attack

Drive-by download attacks occur when a legitimate Web server has been infected with malware or malicious scripts which deliver malware, pornography, or other objectionable material along with the Web page content that the visitor was expecting to see (Microsoft, 2014; Niki, 2009). These types of attacks are difficult to detect and often result in the infection of large numbers of visitors before the infection is detected and removed from the Web site.

In this attack, computers used by the affected employees (victims) were compromised by a drive-by download attack (Microsoft, 2014) which resulted in the download of pornographic materials while they were browsing websites which, in turn, had been compromised (Anonymous, 2003). The attackers also obtained each visitor’s email address from the Web browser. Extortion emails were sent to victims demanding credit card payment of hush fees. The extortionists told the victims exactly where the contraband files were located on the computer hard drive and assured the victims that it was impossible to remove those files.

Why the Problem Went Unreported

Anonymous (2003) discovered that he was dealing with “paranoid users who don't trust security people” (p. 1). There are many possible reasons why employees turn into paranoid users who are unwilling to self-report for security incidents, even those which are accidental. Two such reasons are enforcement of zero tolerance for violations and perceptions of unfairness or a lack of justice.

Zero tolerance. The previous CISO implemented a zero tolerance policy with respect to acceptable use policy (AUP) violations (Anonymous, 2003). Under this zero-tolerance policy, a number of employees were terminated (fired), without due process or hearings to establish guilt or innocence. When employees began receiving extortion emails and threats, they believed that their jobs could be placed at risk, regardless of their innocence or guilt with respect to downloading of pornography to company computers, if they reported the presence of pornographic files (pushed to the computer by the extortionists).

Perceptions of fairness and justice. When employees feel that IT policy enforcement is unfair, the situation is usually accompanied by extreme and long-lasting negative feelings or emotions (Flint et al., 2005). The overall result (consequences) in this instance was an increase in unethical behavior as victims attempted to hide or cover-up the extortion attempts (lying) rather than asking their employer for assistance and protection from harm (Moor, 1999). This undesirable result is, in part, due to the employer’s failure to consider the consequences of the application of the zero tolerance policy.

Incident Response

The new CISO treated the extortion situation as a security incident rather than as an employee disciplinary problem (Anonymous, 2003). He and his IT Security Staff investigated the situation and learned that (a) the company’s employees regularly received such threats and (b) some of them had paid the extortionists rather than risk losing their jobs. The CISO directed the IT Security Staff to reconfigure firewalls and other network security appliances to block all further emails containing extortion keywords or from the known IP addresses for the extortionists. The CISO also met with IT staff members to determine what additional protective actions could be taken. Finally, the new CISO met with the IT staff and other selected employees to determine what actions needed to be taken to encourage employees to come forward (self-report) in the future and decrease the atmosphere of fear and distrust that he had inherited.

Summary and Conclusions

In this article, the author highlighted some of the problems that can arise when employers emphasize adherence to rules rather than seeking a balance between rules and outcomes (Anonymous, 2003). The company’s zero-tolerance enforcement of its acceptable use policy resulted in undesirable outcomes, particularly the creation of an atmosphere of fear and secretive behavior. This, in turn, resulted in employees being unwilling to report security incidents. To avoid this problem in the future, corporate management should review the potential negative consequences or outcomes of policy enforcement and address specific circumstances with compassion rather than hardline enforcement (Reynolds, 2007).

References

Anonymous. (2003, February 3). A sordid tale. Chief Security Officer. CSO Online. Retrieved from http://www.csoonline.com/article/2116226/fraud-prevention/extortion-by-e-mail--a-sordid-tale.html

Flint, D., Hernandez-Marrero, P., & Wielemaker, M. (2005). The role of affect and cognition in the perception of outcome acceptability under different justice conditions. The Journal of American Academy of Business, 7(1), 269-277.

Microsoft. (2014). Microsoft security intelligence report. Retrieved from http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx

Moor, J. H. (1999). Just consequentialism and computing. Ethics and Information Technology, 1(1), 61-69.

Niki, A. (2009, December). Drive-by download attacks: Effects and detection methods. Paper presented at the 3rd IT Student Conference for the Next Generation. Retrieved from http://www.kaspersky.com/fr/images/driveby_download_attacks_effects_and_detection_methods.pdf

Reynolds, G. W. (2007). Ethics in information technology (2nd ed.). Boston, MA: Thompson Course Technology.

  • Aligning CobiT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business Benefit (pp. 13-18) http://www.isaca.org/Knowledge-Center/Research/Documents/Aligning-COBIT-ITIL-V3-ISO27002-forBusiness-Benefit_res_Eng_1108.pdf
  • Business Model for Information Security (pp. 5-15) http://www.isaca.org/knowledge-center/research/documents/introduction-to-the-business-model-forinformation-security_res_eng_0109.pdf
  • NIST Cybersecurity Framework (version 1, Ch 1 & 2) https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework021214.pdf
  • NIST Risk Management Framework SP 800-37 (pp. 18, 22-23) https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r1.pdf
  • NIST Security and Privacy Controls for Federal Information Systems and Organizations 800-53 (Abstract, Notes, Ch 1 & 2) https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-53r4.pdf
  • Governance, Risk and Compliance (GRC) https://www.oceg.org/about/what-is-grc/
  • Understanding the Types of Risks That Could Affect Your Business https://www.dnb.com/perspectives/small-business/understanding-the-types-of-risks-that-could-affectyour-business.html
  • Cyber Attack Example: Extortion. Extortion by E-Mail: A Sordid Tale https://www.csoonline.com/article/2116226/fraud-prevention/extortion-by-e-mail--a-sordid-tale.html

CYBERSECURITY MANAGEMENT & POLICY

Padgett-Beale, Inc.
A case study for CSIA 300
Valorie J. King, PhD
8/18/2017

Copyright © 2018 by University of Maryland University College. All Rights Reserved.

CSIA 300 Cybersecurity for Leaders and Managers

Welcome!

Dear Intern,

Welcome to Padgett-Beale! We are excited to have you join us as a management intern and hope that your participation in our virtual / online program will be beneficial for both you and our company.

This year, our management interns will have the opportunity to participate in Padgett-Beale’s pervasive cybersecurity initiative. This initiative is designed to help our employees and managers better understand and address the cybersecurity problems that our company is facing. These problems include a host of privacy related concerns, intellectual property protection issues, and the appropriate use of information technology resources.

Since you are joining us as a management intern, you will also be participating in our internal training program: Cybersecurity for Leaders and Managers. During this eight-week program, you will have an opportunity to participate in a number of management and leadership activities and assessments related to cybersecurity. As you move through this program, we hope that you and your peers will take advantage of the numerous communication channels made available to you via our internal Websites and discussion forums. We are truly interested in learning from you and hearing your thoughts on the management and leadership issues that you encounter during your time with us.

Finally, our goal is to help you find opportunities to take what you learn here and apply it to your future studies and career. We hope that you, in turn, will help us by providing feedback during and at the end of this program.

Thank you for your participation and, again, Welcome!

Sincerely,
Edwina L. Beale
Chief of Staff and Manager, Internship Programs

Padgett-Beale Organization Chart -- 2017

Figure 1. Padgett-Beale, Inc. Organization Chart

Company History

Elmer and Robenia Padgett’s first hotel, Robenia’s Guest House, opened in 1925 with six family suites (two per floor), a tea room, and a formal dining room. The guest house primarily served wealthy families who relocated to the seashore for the summer to escape the heat in New York City. This property provided amenities and services matching those of rival long-stay hotels in major cities along the East Coast. The second and third properties, Padgett’s Hotel and Padgett’s Beach House, were acquired in 1935. Flintom’s Tavern, a landmark restaurant and entertainment venue, was added to the Padgett properties portfolio in 1940.

Periodic resurgences in popularity of the seashore as a vacation destination occurred over the next fifty years (1940-1990) as bridges were built, roads were improved, and regional economies strengthened. These resurgences brought additional competition as new motels and resorts operated by national chains entered the seashore vacations market. Major weather events in the 1970’s resulted in damage to both Padgett’s Beach House and Flintom’s Tavern causing both to close for an extended period of renovations. The Padgett family’s brand remained strong, despite these setbacks, as members of the family took a personal interest in the day-to-day operations and management of the company.

Padgett’s was not an early adopter of computers and information technology. But, over time and as younger family members entered the business, computers began a slow march into the company’s offices in the form of personal computers with word processing, spreadsheets, and database systems. Personal computers also made their way into managers’ offices in the hotel properties where spreadsheets proved valuable in tracking revenues and expenses. In 1982, an embezzlement scandal at Flintom’s Tavern forced the company to adopt computer-based point of sale (POS) systems throughout the company for all cash handling functions (hotel front desks and restaurants). A benefit of the POS systems was the built-in reporting functions, which enabled the company to more closely track cash and credit sales by property.

By 1995, the company had fully integrated custom hotel management software into its operations. This software and the associated databases were hosted on company owned / operated mainframe computer systems. By the end of the decade, information technologies were in use to support all aspects of the company’s internal operations (accounting, customer service, property management, and reservations).

At the beginning of the new century, the company adopted its first strategic plan with a heavy emphasis upon growth and expansion. Under this plan, the company branched out and began offering hotel and resort management services to other hoteliers and property owners. Advanced telephony services and implementation of custom software allowed Padgett’s to offer one of the first centralized reservations management services. The company also leveraged the Internet and World Wide Web to launch a resort affiliates program, which provided a menu of business related services to member properties. These services included: online advertising and promotions, architecture and design assistance, business operations consulting, group business insurance, and guest loyalty programs. The hotel and resort management services business area continues to be the major source of revenues and profits for the company and its owners.

As part of Padgett’s expansion plan, the company purchased Beale Realty Holdings in 2001 and formed Padgett-Beale, Inc. (PBI). Shortly thereafter, PBI embarked on a series of real-estate acquisition activities, which led to the purchase of several large tracts of prime Eastern Shore waterfront property. The company’s long-term plan was to hold the properties as real estate investments and, when market demand rose sufficiently, expand into development, sales, and management of condominiums and vacation time-share properties. The focus on long term investment was a wise choice as this particular market segment was adversely impacted by the housing boom/bust in the mid 2000’s.

At the time of purchase, the waterfront properties were in use as campgrounds and resorts for tent-campers, travel-trailers, and motorhomes. These camping facilities were allowed to continue their existing operations with minimal investment and oversight for the next 15 years (2002 – 2017). During this laissez-faire management period, some campground managers modernized their camp offices and stores by purchasing computer-based point of sale systems that allowed them to accept credit and debit cards. Most of these managers also outsourced their reservations management to a third party online reservations system, which provided a customized website to advertise each park and provide access to the online reservations system. A few campgrounds did not modernize beyond setting up a simple website with contact information and a few photographs. These facilities continue to use a mail or telephone-based reservation process with a “cash only” payment policy.

In 2015, the day-to-day operations and management of PBI were transitioned to a new leadership team recruited from leading hotel and resort management companies. The new leadership team includes the Chief Executive Officer, Chief Financial Officer, Chief Operating Officer / Director for Resort Operations, and the Corporate Counsel (attorney) who is also dual-hatted as the Chief Privacy Officer. Under this new leadership, the company was reorganized to better focus on the three most profitable business areas: Resort Operations, Reservations Services, and Resort Affiliates. Management and daily operations for the three company owned hotel properties (Robenia’s Guest House, Padgett’s Hotel, and Padgett’s Beach House), Flintom’s Tavern, and the campgrounds / trailer parks were transferred to the newly formed Property Holdings and Development division.

Building a strong management and leadership team is a priority for both the new CEO and the current chair of the PBI Board of Directors. In 2017, these two leaders developed and launched a management internship program whose participants were recruited from a select group of colleges and universities. The next class of management interns has just started in the program and will soon find out where their first assignment will take them within the company.

Industry Overview

Padgett-Beale, Inc. (PBI) operates in the Hotels, Motels, & Resorts industry (NAICS Codes 721110 and SIC Codes 7011) (First Research, 2017a). Hotels, motels, and resorts provide short-term housing and lodging for travelers and visitors. Related services offered by companies in this industry include: catering and meals, conferences and event hosting, entertainment, resort amenities (golf, swimming, spa, etc.), etc. The company also operates in the Recreational Vehicle Parks industry (NAICS Codes 721211; SIC Codes 7033) as both an owner/operator and as a management and operations partner providing specialty services to member and affiliate RV parks.

Hotels, Motels, and Resorts

Leading firms in this industry include Marriott International, Inc., Hilton Worldwide Holdings, Inc., and Starwood Hotels & Resorts Worldwide, LLC (First Research, 2017a). On an annual basis, this global industry generates over $500 billion in revenue. The U.S. segment of this industry generates approximately $175 billion in revenues each year. These revenues may be generated directly from operation and management of company owned properties. Or, revenues may be generated through franchising arrangements or through fees generated in conjunction with property management / hotel operations services provided to other property owners.

Demand for products and services in this industry is driven by two primary factors: (a) business travel and (b) vacation or tourist travel (First Research, 2017a). Both of these factors are highly sensitive to the health of regional, national, and global economies. Financial analysts estimate that 75% of industry revenues result from fees for overnight lodging. The remaining 25% of revenues result from sales of related products and services (e.g. meals, beverages, etc.). Labor is the most significant source of expenses.

This industry uses information technology and the Internet in a variety of ways. First, most brands use the Internet and social media to support their marketing efforts. Second, all but the smallest of properties / brands use information technologies and the Internet to support reservation call center operations. Third, information technologies are used in the daily operations of facilities (front and back of house) and in support of corporate business processes and functions. These technologies include Point of Sale systems for handling customer financial transactions, housekeeping and maintenance management systems, card key access systems for guest rooms and restricted areas, scheduling and timekeeping systems for personnel, and building / facilities management systems that control and monitor energy using systems such as lighting and heating/ventilation/cooling (HVAC) systems. Information technologies are also used to provide physical security in such forms as video surveillance and recording, access controls for equipment and control zones (key pads, badge readers, password controlled logins), and automated access logs which record identity information along with timestamped entry/exit for controlled zones.

Recreational Vehicle Parks

Leading firms in this industry include Thousand Trails (owned by Equity LifeStyle Properties), and Kampgrounds of America (KOA) (First Research, 2017b). Each of these companies has a slightly different business model. Thousand Trails is an owner/operator for RV Parks (First Research, 2017b). KOA sells franchises to owner/operators of privately owned RV Parks and provides brand related services such as marketing, park design and management consulting, and reservations management. A third company, Good Sam Enterprises, markets and sells RV travel related services to individual travelers (“members”) and provides marketing and sales support to member parks (Good Sam Club, 2017). All three firms provide online guidebooks (some with reviews, inspection reports, and ratings), which include information about individual parks and their amenities. In addition to these three firms, there are thousands of smaller owner/operators of RV parks in the United States. These RV parks range in size from 10 – 100 acres with a capacity of 150 to 2,000 or more RV, tent, and rental cabin sites.

Demand for products and services in this industry is driven by vacation or tourist travel (First Research, 2017). Sales and revenues are highly seasonal as preferred destinations change with the weather and with the usual and customary vacation periods (summer, holidays, school breaks, etc.). Rental fees for overnight stays are the largest source of revenues for individual RV Parks. Additional revenue sources include: camp store and gift shop operations, restaurants and snack bars, fuel sales (propane), and sales of RV parts and accessories. Major areas of expenses are: utilities (water, electric, sewer, cable TV, and Internet service), park maintenance (including roads and buildings), vehicles, property taxes, and operating expenses for amenities such as laundry facilities, bath houses, swimming pools, playgrounds, etc. Insurance coverage for park operations is also a major area of expense and may include additional coverage for cybersecurity liability (Philadelphia Consolidated Holding Company, 2017).

This industry uses information technology and the Internet in a variety of ways. First, many RV parks maintain a Website to advertise the park (First Research, 2017b). They may also use social media to attract visitors to their Website and to the RV park. They may also depend upon Websites operated by third parties such as RV Park Reviews, Trip Advisor, and Good Sam Club to attract the attention of individuals who are planning trips or vacations. Second, all but the smallest of properties use an online reservation management system that allows travelers to search for available sites by date(s) and by required or desired amenities (electric, water, sewer, cable, pet friendly, etc.). Larger operators and networks of parks may also use telephone call centers for reservations management. These call centers depend upon computer applications to route and manage calls. Reservation management systems also depend upon databases and database servers to store and process customer information. Third, information technologies are used in the daily operations of some facilities. Such uses include guest check-in/check-out, cash and credit card transaction management (payments & refunds), maintenance records, camp store / gift-shop inventory and sales, and bookkeeping / reporting (revenue tracking). Some RV parks also use computer-based systems for video and audio surveillance, automated vehicle entry/exit, and energy usage monitoring.

References

First Research. (2017a). Hotels, motels, & reports: First Research custom report. Retrieved July 26, 2017 from Hoovers Online.

First Research. (2017b). Recreational vehicle parks: First Research industry custom report. Retrieved July 26, 2017 from Hoovers Online.

Good Sam Club. (2017). Who we are. Retrieved from http://www.goodsamclub.com/about

Philadelphia Consolidated Holding Corp. (2017). Cyber security liability. Retrieved from https://www.phly.com/mplDivision/managementLiability/CyberSecurity.aspx

Explanation & Answer

I have submitted ...

