Scenario
The Entertainment Team (ET — part of Resort Operations at Padgett-Beale, Inc.) is excited about a new event management platform and is
ready to go to contract with the vendor. This platform is a cloud-based
service that provides end-to-end management for events (conferences,
concerts, festivals). The head of Marketing & Media (M&M) is on board
and strongly supports the use of this system. M&M believes that the data
collection and analysis capabilities of the system will prove extremely
valuable for its efforts. Resort Operations (RO) also believes that the
technology could be leveraged to provide additional capabilities for
managing participation in hotel-sponsored “kids programs” and related
children-only events.
For an additional fee, the event management platform’s vendor will
provide customized Radio Frequency Identification (RFID) bands to be
worn by attendees.
The RFID bands and RFID readers use near-field communications to
identify the wearer and complete the desired transactions (e.g. record a
booth visit, make a purchase, vote for a favorite activity or performer,
etc.).
The RFID bands have unique identifiers embedded in the band that allow
tracking of attendees (admittance, where they go within the venue, what
they “like,” how long they stay in a given location, etc.).
The RFID bands can also be connected to an attendee’s credit card or
debit card account and then used by the attendee to make purchases for
food, beverages, and souvenirs.
For children, the RFID bands can be paired with a parent’s band, loaded
with allergy information, and have a parent-specified spending limit or
spending preauthorization tied to the parent’s credit card account.
The head of Corporate IT has tentatively given approval for this
outsourcing because it leverages cloud-computing capabilities. IT’s
approval is very important to supporters of this acquisition because
of the company’s ban on “Shadow IT.” (Only Corporate IT is allowed to
issue contracts for information technology related purchases,
acquisitions, and outsourcing contracts.) Corporate IT also supports a
cloud-based platform since this reduces the amount of infrastructure
which IT must support and manage directly.
The project has come to a screeching halt, however, due to an objection
by the Chief Financial Officer. The CFO has asked that the IT
Governance Board investigate this project and obtain more information
about the benefits and risks of using RFID bands linked to an external
system which processes transactions and authorizations of mobile /
cashless payments for goods and services. The CFO is concerned that
the company’s PCI Compliance status may be adversely affected.
The Chief Privacy Officer has also expressed an objection about this
project. The CPO is concerned about the privacy implications of tracking
both the movement of individuals and their purchasing behaviors.
The IT Governance Board agreed that the concerns expressed by two of
its members (the CFO and CPO) have merit. The board has requested an
unbiased analysis of the proposed use cases and the security and privacy
issues which could be reasonably expected to arise.
The IT Governance Board has also agreed to a request from the Chief of
Staff that the management interns be allowed to participate in this
analysis as their final project. Per the agreement, their involvement will
be limited to providing background research into the defined use cases
for cashless purchases. These use cases are:
1. Purchases for craft materials and snacks by children (under the age
of 13) attending a hotel-sponsored “kids club” program.
2. Purchases by individuals attending a music festival or other event
where IDs must be checked to establish proof of age (legal
requirement for local alcoholic beverage consumption).
3. Purchases by attendees at trade shows (attendees are “adults”).
Your Task
Pick one of the three use cases listed above. Then, follow the directions
below to complete the required research and write your final report.
Research
1. Read / Review the readings in the LEO Classroom.
2. Read this introduction to RFID technologies
3. Research one or more of the Use Cases
o Children: “8 Benefits of Using RFID Wristbands for Resorts &
Attractions” (see section 4: Family Freedom) and “Tappit
launches new RFID wristband safety functionality”
o Managing Adult Attendees at Music Festivals (includes RFID
bands linked to Twitter, Facebook, and credit/debit
card): “RFID wristbands vs NFC apps: What’s Winning the
Contactless Battle?”
o Tracking Adults at Trade Shows: “RFID wristbands – the good,
the bad and the ugly”
4. Choose one of the Use Cases then find and review at least two
additional resources on your own that provide information about
privacy and security related laws that could limit or impose
additional responsibilities upon Padgett-Beale’s collection,
storage, transmission, and use of data about guests. (Note: laws
may differ with respect to collecting data from or about children.)
You should also investigate laws, regulations, or standards which
impact the use of the RFID bands for mobile purchases.
5. Using all of your readings, identify and research at least 7 security
and privacy issues which the IT Governance Board needs to
consider and address as it considers the implications of your
chosen use case upon the adoption or rejection of the proposed IT
project (Event Management Platform & RFID bands).
6. Then, identify 7 best practices that you can recommend to
Padgett-Beale’s leadership team to reduce and/or manage risks
associated with the security and privacy of data associated with
the event management platform.
Write
Write a five to seven (5-7) page report using your research. At a
minimum, your report must include the following:
1. An introduction or overview of event management systems and the
potential security and privacy concerns which could arise when
implementing this technology. This introduction should be suitable
for an executive audience. Provide a brief explanation as to why
three major operating units believe the company needs this
capability.
2. An analysis section in which you address the following:
a. Identify and describe your chosen Use Case
b. Identify and describe 7 or more types of personal / private
information or data that will be collected, stored, processed,
and transmitted in conjunction with the use case.
c. Identify and describe 5 or more compliance issues related to
the use of the RFID bands to make and track mobile
purchases.
d. Analyze and discuss 7 or more privacy and security issues
related to the use case.
e. Identify and discuss 3 or more relevant laws, regulations, or
standards which could impact the planned implementation of
the event management system with RFID wrist bands.
3. A recommendations section in which you identify and discuss 8 or
more best practices for security and privacy that should be
implemented before the technology is put into use by the company.
Include at least 2 recommendations in each of the following
categories: people, processes, policies, and technologies.
Take Action
Review the difference between a process and a policy.
4. A closing section (summary) in which you summarize the issues related
to your chosen use case and the event management platform overall.
Include a summary of your recommendations to the IT Governance
Board.
Submit for Grading
Submit your research paper in MS Word format (.docx or .doc file) using
the Research Report #2 Assignment in your assignment folder. (Attach
your file to the assignment entry.)
Additional Information
1. To save you time, a set of appropriate resources / reference
materials has been included as part of this assignment. You must
incorporate at least 5 of these resources into your final deliverable.
You must also include 2 resources that you found on your own.
2. Your research report should use standard terms and definitions for
cybersecurity.
3. Your research report should be professional in appearance with
consistent use of fonts, font sizes, margins, etc. You should use
headings to organize your paper. UMGC recommends that you
follow standard APA formatting since this will give you a document
that meets the “professional appearance” requirements.
Take Note
APA formatting guidelines and examples are found under Course
Resources > APA Resources. An APA template file (MS Word format) has
also been provided for your use.
4. You are expected to credit your sources using in-text citations and
reference list entries.