Emerging Issues Risk Analysis & Report: Radio Frequency Identification
Research Report #2: Emerging Issues Risk Analysis and Report
CAUTION: there are a number of websites which are offering “professionally written” versions of this assignment. Please do not make the mistake of trying to use such papers as sources for your research. They do not meet the requirement for authoritativeness (see https://libguides.umgc.edu/credibility ). Your submitted work WILL be scanned by Turn It In and your grade will reflect the quality of your research and writing for this assignment.
The Entertainment Team (ET -- part of Resort Operations at Padgett-Beale, Inc.) is excited about a new event management platform and is ready to go to contract with the vendor. This platform is a cloud-based service that provides end-to-end management for events (conferences, concerts, festivals). The head of Marketing & Media (M&M) is on board and strongly supports the use of this system. M&M believes that the data collection and analysis capabilities of the system will prove extremely valuable for its efforts. Resort Operations (RO) also believes that the technology could be leveraged to provide additional capabilities for managing participation in hotel sponsored “kids programs” and related children-only events.
For an additional fee, the event management platform's vendor will provide customized RFID bands to be worn by attendees.
The RFID bands and RFID readers use near-field communications to identify the wearer and complete the desired transactions (e.g. record a booth visit, make a purchase, vote for a favorite activity or performer, etc.).
The RFID bands have unique identifiers embedded in the band that allow tracking of attendees (admittance, where they go within the venue, what they "like," how long they stay in a given location, etc.).
The RFID bands can also be connected to an attendee's credit card or debit card account and then used by the attendee to make purchases for food, beverages, and souvenirs.
For children, the RFID bands can be paired with a parent’s band, loaded with allergy information, and have a parent specified spending limit or spending preauthorization tied to the parent’s credit card account.
The head of Corporate IT has tentatively given approval for this outsourcing because it leverages cloud-computing capabilities. IT's approval is very important to supporters of the acquisition because of the company's ban on "Shadow IT." (Only Corporate IT is allowed to issue contracts for information technology related purchases, acquisitions, and outsourcing contracts.) Corporate IT also supports a cloud-based platform since this reduces the amount of infrastructure which IT must support and manage directly.
The project has come to a screeching halt, however, due to an objection by the Chief Financial Officer. The CFO has asked that the IT Governance Board investigate this project and obtain more information about the benefits and risks of using RFID bands linked to an external system which processes transactions and authorizations of mobile / cashless payments for goods and services. The CFO is concerned that the company’s PCI Compliance status may be adversely affected.
The Chief Privacy Officer has also expressed an objection about this project. The CPO is concerned about the privacy implications of tracking both movement of individuals and the tracking of their purchasing behaviors.
The IT Governance Board agreed that the concerns expressed by two of its members (the CFO and CPO) have merit. The board has requested an unbiased analysis of the proposed use cases and the security and privacy issues which could be reasonably expected to arise.
The IT Governance Board has also agreed to a request from the Chief of Staff that the management interns be allowed to participate in this analysis as their final project. Per the agreement, their involvement will be limited to providing background research into the defined use cases for cashless purchases. These use cases are:
1. Purchases for craft materials and snacks by children (under the age of 13) attending a hotel sponsored “kids club” program.
2. Purchases by individuals attending a music festival or other event where IDs must be checked to establish proof of age (legal requirement for local alcoholic beverage consumption).
3. Purchases by attendees at trade shows (attendees are “adults”).
Pick one of the three use cases listed above. Then, follow the directions below to complete the required research and write your final report.
1. Read / Review the readings in the LEO classroom.
2. Read this introduction to RFID technologies: https://www.gettoken.com/beginners-guide-rfid-technology-events/
3. Research one or more of the Use Cases
a. Children: 8 Benefits of Using RFID Wristbands for Resorts & Attractions (see section 4: Family Freedom) https://www.idcband.com/en-us/blog-us/8-benefits-of-using-rfid-wristbands-resorts-attractions/ and https://tappit.com/resources/blog/rfid-wristband-safety
b. Managing Adult Attendees at Music Festivals (includes RFID bands linked to Twitter, Facebook, and credit/debit card) http://www.techradar.com/news/world-of-tech/rfid-wristbands-vs-nfc-smartphones-what-s-winning-the-contactless-battle-1167135
c. Tracking Adults at Trade Shows https://blog.printsome.com/rfid-wristbands-good-bad/
4. Choose one of the Use Cases then find and review at least one additional resource on your own that provides information about privacy and security related laws that could limit or impose additional responsibilities upon Padgett-Beale’s collection, storage, transmission, and use of data about guests. (Note: laws may differ with respect to collecting data from or about children.) You should also investigate laws, regulations, or standards which impact the use of the RFID bands for mobile purchases.
5. Using all of your readings, identify and research at least 5 security and privacy issues which the IT Governance Board needs to consider and address as it considers the implications of your chosen use case upon the adoption or rejection of the proposed IT project (Event Management Platform & RFID bands).
6. Then, identify 5 best practices that you can recommend to Padgett-Beale’s leadership team to reduce and/or manage risks associated with the security and privacy of data associated with the event management platform.
Write a five to seven (5-7) page report using your research. At a minimum, your report must include the following:
1. An introduction or overview of event management systems and the potential security and privacy concerns which could arise when implementing this technology. This introduction should be suitable for an executive audience. Provide a brief explanation as to why three major operating units believe the company needs this capability.
2. An analysis section in which you address the following:
a. Identify and describe your chosen Use Case
b. Identify and describe five or more types of personal / private information or data that will be collected, stored, processed, and transmitted in conjunction with the use case.
c. Identify and describe five or more compliance issues related to the use of the RFID bands to make and track mobile purchases.
d. Analyze and discuss five or more privacy and security issues related to the use case.
e. Identify and discuss 3 or more relevant laws, regulations, or standards which could impact the planned implementation of the event management system with RFID wrist bands.
3. A recommendations section in which you identify and discuss five or more best practices for security and privacy that should be implemented before the technology is put into use by the company. Include at least one recommendation in each of the following categories: people, processes, policies, and technologies.
4. A closing section (summary) in which you summarize the issues related to your chosen use case and the event management platform overall. Include a summary of your recommendations to the IT Governance Board.
Submit for Grading
Submit your research paper in MS Word format (.docx or .doc file) using the Research Report #2 Assignment in your assignment folder. (Attach your file to the assignment entry.)
1. To save you time, a set of appropriate resources / reference materials has been included as part of this assignment. You must incorporate at least five of these resources into your final deliverable. You must also include one resource that you found on your own.
2. Your research report should use standard terms and definitions for cybersecurity.
3. Your research report should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings to organize your paper. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use.
4. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
5. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).
Emerging Issues Risk Analysis and Report
Radio Frequency Identification
Event management systems are software developed to facilitate the organization and control of events and related functions. Industries that rely on event management systems include the hotel and entertainment industries. A good event management system should have the following modules: bookings, event monitoring, registration, attendee management, payments and checkout, customer relationship management, and event advertising and marketing (Ahmed, 2021). One of the most common event management systems is Radio Frequency Identification (RFID) (Bowler, 2020). RFID uses radio waves to identify and track tags containing digital information. RFID tags, which are very small, are attached to objects and scanned using a dedicated scanner or a smartphone. RFID is very similar to barcodes but more versatile, and a tag can be scanned even if it is not placed directly on the scanner the way a barcode must be. In the events and entertainment industry, RFID tags can be embedded in wristbands, and event attendees can use them to make payments, validate tickets, and connect to other band members. The wristbands replace paper tickets and wallets, making them a more secure technique (Token Team, 2018).
Unlike a ticket, a wristband is very difficult to lose because it is tied to the wrist. When RFID is used, money cannot be stolen or lost from a wallet. Additionally, RFID saves time by reducing queues during ticket validation. The wristbands just need to be scanned to verify the authenticity of a ticket and the ticket holder’s details. RFID can also connect clients’ social media pages so that they can carry out social media activities remotely from the event’s location or a hotel (Bennett, 2013). RFID also collects data about events as they occur by recording attendees’ behavior (Tappit, 2022). The main disadvantage of RFID, however, is data privacy and security. It is important to note that clients give their information to the management, who enter it electronically into the RFID system for use with the wristbands.
RFID will benefit kids attending a sponsored “kids club” program when they purchase craft materials and snacks. Kids under the age of 13 are normally very playful and restless; giving them money to purchase snacks and craft materials is a risk, as they are likely to lose it. Older kids can also forcefully take money from the smaller ones or coerce them into handing it over. To prevent such situations, wristbands with RFID are important. ID&C Band (2021) adds that allowing kids to purchase snacks for themselves gives them a sense of freedom. Disney used RFID technology in 2013, and the results were exceptional, with no queues, easy purchases, and fewer cases of ticket and money loss (Bowler, 2020).
Personal information required in this case includes the name of the child, the name and contact details of the parents or guardians, any allergies the child has, any disability or terminal illness the child has, and the place of residence of the child or guardian (Tappit, 2022).
Compliance and Security Issues
The first compliance and security issue related to using the RFID bands to make and track mobile purchases is the presence of fake RFID tags in the market. Many counterfeit RFID tags exist in the market, and one of the main contributors to counterfeit tags is the lack of end-to-end encryption for basic tags. Counterfeit products are created by malicious people who want to acquire and manipulate data (Munoz-Ausecha et al., 2021). Counterfeit goods are sold cheaply to attract buyers. With counterfeit tags, attackers can convert invalid tags into valid ones and change the prices of goods. In the case of the “kids club” program, children can pay a higher price than the normal price for goods without knowing it, and the excess money goes to the attackers. Unless the parents are careful to check the money spent against the purchases made, the malice might go unnoticed. Therefore, the event organizers need to check the security of the RFID products they intend to purchase and ensure they have at least some form of cryptography.
The second issue is with the RFID readers: the RFID tags might not be able to differentiate between requests from a false reader and requests from a genuine one (Munoz-Ausecha et al., 2021). During RFID reading, the reader sends a request to the tag, and the tag then sends its identity back to the reader. Attackers can use fake RFID readers to acquire information from tags and use it maliciously.
The location and movement of the person carrying a tag is another security issue. In the case of the “kids club” program, such information may expose the kids to kidnappers and thieves.
Denial of service (DoS) has been very rampant recently as a cyber-security issue. If a denial of service happens during the verification of tickets, the person in charge of the activity might have to verify the tickets manually, defeating the purpose of having RFID technology at the event (Singh & Patro, 2021).
Finally, there is the spoofing attack, in which an attacker disguises themselves as an authorized person to access the system’s backend or database and acquires or manipulates data maliciously.
Some RFID tags, by their design and make, do not comply with UL 60950; therefore, if the event organizers of the “kids club” program import such tags, they will not be allowed to use them. The safety of the kids must also be considered when acquiring the tags.
Before the system is put into use, a few security issues should be checked and heavy investment put into cyber security. First, the company should engage a cyber-security expert with Radio Frequency Identification knowledge and involve that expert in the whole process, from purchasing to the end of the event. Second, the cyber-security personnel should ensure the tags implement cryptography to protect clients’ security and personal details. Third, both RFID readers and tags should be properly checked to confirm that they are genuine. Finally, the system’s networks should be proactively monitored to detect malicious activity or DoS attacks.
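The counterfeit-tag and false-reader issues discussed above both stem from a tag that hands a fixed identifier to whichever reader asks. The following added example (not part of the original report and not any vendor's product) shows a mutual challenge-response in which the reader checks that a band holds a genuine key and the band releases its stored data only to a reader that proves the same; the key derivation, message layout, function and class names, and sample values are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 over a role label plus fixed-length nonces.
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def band_key(master: bytes, uid: bytes) -> bytes:
    # Per-band key derived from a master key held only by genuine readers.
    return mac(master, b"band-key", uid)

class AuthTag:
    """Band that proves it holds a key and checks the reader before releasing data."""
    def __init__(self, uid: bytes, key: bytes, profile: dict):
        self.uid, self._key, self._profile = uid, key, profile
        self._session = None
    def hello(self, nr: bytes):
        nt = secrets.token_bytes(16)            # fresh band nonce for every read
        self._session = (nr, nt)
        return self.uid, nt, mac(self._key, b"tag", nr, nt)
    def release(self, reader_proof: bytes):
        session, self._session = self._session, None   # one attempt per session
        if session is None:
            return None
        expected = mac(self._key, b"reader", *session)
        return self._profile if hmac.compare_digest(reader_proof, expected) else None

def reader_read(tag: AuthTag, master: bytes):
    """Genuine-reader logic: verify the band first, then prove itself to the band."""
    nr = secrets.token_bytes(16)
    uid, nt, tag_proof = tag.hello(nr)
    key = band_key(master, uid)
    if not hmac.compare_digest(tag_proof, mac(key, b"tag", nr, nt)):
        return None                             # counterfeit band: it lacks the derived key
    return tag.release(mac(key, b"reader", nr, nt))

def demo() -> dict:
    master = secrets.token_bytes(32)            # constructed sample key material
    uid = b"BAND-0001"                          # constructed sample identifier
    profile = {"allergy": "peanuts", "limit_usd": 20}   # constructed sample data
    key = band_key(master, uid)
    genuine = AuthTag(uid, key, profile)
    counterfeit = AuthTag(uid, secrets.token_bytes(32), profile)  # copied UID, no key
    results = {"genuine": reader_read(genuine, master),
               "counterfeit": reader_read(counterfeit, master)}
    nr = secrets.token_bytes(16)
    _, nt, _ = genuine.hello(nr)
    # A reader without the key can only guess; the band withholds its data.
    results["bad_reader_proof"] = genuine.release(secrets.token_bytes(32))
    # The failed attempt consumed the session, so even a correct proof is now refused.
    results["after_failed_attempt"] = genuine.release(mac(key, b"reader", nr, nt))
    return results

if __name__ == "__main__":
    print(demo())
```

The band's identifier is still sent in the clear in this exchange, so it addresses counterfeiting and unauthorized data release, not the location-tracking issue.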
In conclusion, event organizing systems are essential for a successful event. RFID is one of the best-known event organizing systems, with the tags placed in a wristband. RFID facilitates ticket verification, saves time, and can also be used for purchases. In the case of the “kids club” program, RFID will also help track the children’s activities and keep them safe. However, RFID has disadvantages, as it is prone to cyber-attacks such as DoS and spoofing. To prevent attacks, event organizers are advised to invest in cyber-security experts and actively monitor the systems to detect anomalies.
Ahmed, A. A. A. (2021). Event Ticketing Accounting Information System using RFID within the COVID-19 Fitness Etiquettes. Academia Letters, 2.
Bennett, C. (2013, July 21). RFID wristbands vs NFC Apps: What’s winning the contactless battle? Retrieved May 2, 2022, from https://www.techradar.com/news/world-of-tech/rfid-wristbands-vs-nfc-smartphones-what-s-winning-the-contactless-battle-1167135
Bowler, J. (2020, March 02). RFID wristbands - what you need to know (according to our London office). Retrieved May 2, 2022, from https://blog.printsome.com/rfid-wristbands-good-bad/
ID&C Band. (2021, July 06). 8 benefits of using RFID wristbands for Resorts & Attractions: idcband.com. Retrieved May 2, 2022, from https://www.idcband.com/en-us/blog-us/8-benefits-of-using-rfid-wristbands-resorts-attractions/
Munoz-Ausecha, C., Ruiz-Rosero, J., & Ramirez-Gonzalez, G. (2021). RFID applications and security review. Computation, 9(6), 69.
Singh, A. K., & Patro, B. D. K. (2021). Security Attacks on RFID and their Countermeasures. In Computer Communication, Networking and IoT (pp. 509-518). Springer, Singapore.
Tappit. (n.d.). Tappit launches cashless RFID wristband safety functionality: tappit.com. Retrieved May 2, 2022, from https://tappit.com/resources/blog/rfid-wristband-safety
Token Team. (2018, March 26). The beginner’s guide to RFID technology for events: Token blog. Retrieved May 2, 2022, from https://www.gettoken.com/beginners-guide-rfid-technology-events/#what-is-rfid.