Abstract
Don't use plagiarized sources. Get Your Custom Essay on
Risk Assessment of the National Basketball Association
Just from $13/Page
The National Basketball Association (NBA) is an all men’s professional basketball league located in North America; founded in New York City on June 6th, 1946, as the Basketball Association of America (BAA). The league compromises of 30 teams (29 teams located in the United States and 1 located in Canada – Toronto Raptors). The teams are divided evenly into two conferences (Eastern and Western) with 6 divisions, 5 teams each. It is extensively considered as the greatest basketball league in the world. The NBA team that would be focused on this project is the Los Angeles Lakers.
Get Help With Your Essay
If you need assistance with writing your essay, our professional essay writing service is here to help!
Essay Writing Service
Los Angeles Lakers is an American professional basketball team based in Los Angeles. Founded in 1947, the Lakers are one of the NBA’s most famous and successful franchises. The Lakers are one of the most successful and popular professional franchises in all American sports. The Lakers compete in the National Basketball Association (NBA), as a member club of the league’s Western Conference Pacific Division.
The franchise has won a combined 16 Basketball Association of America (BAA) and National Basketball Association (NBA) titles. Their last being in 2010. The Laker’s fan base is believed to be one of the best in NBA because of their relentless support for their team during the winning and losing streaks. The key business area for the Lakers is the sale of merchandise, tickets, advertisement, and News. The goal of this project is to select key areas of the Laker’s website and assess it.
The key business area for the Los Angeles Lakers is the sale of merchandise, tickets, advertisement, and News. According to Forbes NBA valuation 2019, the Los Angeles Lakers is the second most valued team at 3.7 billion, coming behind the New York Knicks (4 billion) and Golden States Warriors (3.5 billion).
Table of Contents
Executive Summary
1. INTRODUCTION
Purpose
Scope
Background (Team Profile)
Los Angeles Lakers Management
2. Risk Assessment Approach
Risk model
Risk Assessment team
3. RISK ASSESSMENT
STEP 1: SYSTEM CHARACTERIZATION
Information-Gathering Techniques
System-Related Information
Data collected by the system
System Users
STEP 2: THREAT IDENTIFICATION
Threat-Source Identification
Motivation and Threat Actions
STEP 3: VULNERABILITY IDENTIFICATION
Vulnerability Sources
System Security Testing
Development of Security Requirements Checklist
STEP 4: CONTROL ANALYSIS
Control Methods
Control Categories
STEP 5: LIKELIHOOD DETERMINATION
STEP 6: IMPACT ANALYSIS
STEP 7: RISK DETERMINATION
Risk-Level Matrix
Description of Risk Level
STEP 8: CONTROL RECOMMENDATIONS
Applications
Databases
Protocols
STEP 9: RESULTS DOCUMENTATION
Risk Assessment Results
Appendix A. References
The National Basketball Association (NBA) is an all men’s professional basketball league located in North America; founded in New York City on June 6th, 1946, as the Basketball Association of America (BAA). The league compromises of 30 teams (29 teams located in the United States and 1 located in Canada – Toronto Raptors). The teams are divided evenly into two conferences (Eastern and Western) with 6 divisions, 5 teams each. It is extensively considered as the greatest basketball league in the world. The NBA team that would be focused on this project is the Los Angeles Lakers.
The NBA had revitalized its strategy by giving players their own platforms such as doing advertisements for companies and having huge social media presence, leading to high ratings of each seasons. Through the organizations digital marketing strategy, the NBA creates content that fans crave. The NBA also employs several expert writers that create content on the league’s website (NBA.com) for those that are interested in everything happening league-wide. Each team also employs an expert writer that writes game recaps, articles, and other stories on their team website. Fans are able to go to their favorite team’s website and see everything that’s going on. (Adragna, 2018). On the NBA website, Fans can purchase tickets to the games. Also provided is
This project has been assigned to students in INFA 610 9082 Foundations of Information Security and Assurance, University of Maryland, University College. The goal of the project is to conduct a risk assessment of an organization and I have chosen National Basketball Association (NBA), specifically the Los Angeles Lakers. This risk assessment assesses the use of resources and controls to eliminate and/or manage vulnerabilities that are exploitable by threats internal and external to National Basketball Association (NBA) web sites. For the purposes of this risk assessment, the Los Angeles Lakers (developed by Turner sports digital). Though the NBA teams are stand-alone teams, the NBA provides, and overarching website and each team website is just an extension of NBA website. The focus will be on the NBA as all the teams will have a similar assessment when it comes to their information system.
Purpose
The purpose of this risk assessment is to identify vulnerabilities and threats related to the Los Angeles Lakers franchise of the National Basketball Association (NBA). The risk assessment will identify major risk areas related to NBA team information technology systems.
Scope
NBA.com is part of Turner Sports Digital, part of the Turner Sports & Entertainment Digital Network. In order to avoid domain squatters trolling on NBA teams, the organization created a smart idea to have team’s website as an extension of the official NBA website. All teams’ websites though individually operated as part of the Turner Sports Digital but has a certain degree of uniqueness from other teams. Keeping this in mind Each NBA team is franchised and independently operated. Yet, this risk assessment will be of utmost importance for any of the thirty teams in the league. Due to the uniqueness of how the NBA teams website are setup, this risk assessment could be viewed as belonging to the Los Angeles Lakers but can also be considered to have relevance to any team of the NBA team as the website provides very similar content, merchandise and tickets pertaining to each team.
Background (Team Profile)
Team Name – Los Angeles Lakers
Team Location – Los Angeles, California
Industry – National Basketball Association
Stadium/Arena – Staples Center
Company profile – Los Angeles Lakers Inc , LLC
Website – https://www.nba.com/lakers/
Los Angeles Lakers Management
Chief Executive Officer – Francis R. Mariani
President and Chief operating officer – Tim Harris
Senior Vice President – Joe McCormack
Risk model
The risk model was conducted in accordance with the standard risk assessment methodology used within the U.S. federal government described in National Institute of Standards and Technology (NIST) Special Publication 800-30; Risk Management Guide for Information Technology Systems. Using the NIST 800-30 assessment framework to address an organization information security risk management will separate assets into distinct and integrated tiers that help streamline the risk assessment process and to reduce the organizations inventory of threats and controls. NIST provides guidance for categorizing determining impact levels and security control baselines. According to NIST, risk is view from three different levels; organization level, Business process level and Information system level. Using the NIST 800-30 framework, organizations can better grasp on how to keep their information as secure as possible.
Risk Assessment team
Role
Name
Chief Technology Officer
Vice President, Technology & Product (Turner Data Cloud)
Vice President, Software Development
Technical Director, Software & User Experience
Senior Technical Manager, Quality Assurance
Vice President, Core Technology and Content Services
Head of Media & Software services
Table 1 – Risk assessment team
STEP 1: SYSTEM CHARACTERIZATION
The website of the Los Angeles Lakers is developed and maintained by Turner Sports Digital, part of the Turner Sports & Entertainment Digital Network. The company was founded by Ted turner in 1965 but merged with Time Warner in 1996. Currently, Turner sports is a part of Warner Media after the merger of AT&T and Time warner. The system is used to provide full coverage of the NBA’s Los Angeles Lakers via the NBA.com/warriors web site. The websites include news about the team, scores, schedule, stats, video recaps. The system is also used for e-commerce.
Information-Gathering Techniques
The information gathering techniques used to perform this risk assessment includes the use of document review, journals, the Internet and research information from NIST.
System-Related Information
The following components in Table 2 identify system-related information for Turner Sport Digital
Component
Description
Applications
Web page developed by Turner Sport Digital Inc. Uses custom application development: Java, AWS cloud front
Databases
MySQL
Server Configurations/Operating Systems
AkamaiGHost, Nginx web server
Protocols
Uses TLS (Transport layer security) for transmission between client web browser and web server
Table 2 – System Information
Data collected by the system
Data collected when purchasing NBA league pass/ tickets from the Los Angeles Lakers website is listed below
Data
Description
Account information
Personal Information
Name
Address
Phone number
Ordering Information
Date
Quantity
Seat number
Method of getting ticket (email, text)
Financial Information
Credit card number
Expiration date
Card Security code
Transaction number
Table 3 – Data Collected
System Users
Users
Description
Turner Sports Digital IT Personnel
Provide security configuration of the system
Manage system network and firework
Customers
Customer are able to access the system through web browser or NBA mobile application.
Can created a system account with email and password
Purchase merchandise and tickets
Update
Nba.com/warriors operations personnel
Use information in database to create reports for management
Table 4 – System Users
STEP 2: THREAT IDENTIFICATION
Threat-Source Identification
Threat sources can be Natural, Human or Environmental threats. Natural threats are Floods, earthquakes, tornadoes. Human threats are events that are caused by humans deliberately for example, network-based attacks, malicious software upload, unauthorized access to confidential information or unintentionally, for example wrong data entry.
For this risk assessment, the major threat source is human threat.
Motivation and Threat Actions
Threat- Source
Motivation
Threat Actions
Computer criminal
Destruction of information Illegal information disclosure
Fraudulent act such as interception
Information bribery Spoofing
Insiders
Monetary gain Revenge Unintentional errors and omissions (e.g., data entry error, programming error)
• Fraud and theft • Information bribery • Input of falsified
System sabotage • Unauthorized system access
Industrial espionage
Competitive advantage Economic espionage
Information theft
System penetration Unauthorized system access
Terrorist
Blackmail Destruction
System tampering
Bomb/Terrorism
Table 5
STEP 3: VULNERABILITY IDENTIFICATION
Vulnerability Sources
Vulnerability
Threat- Source
Threat Actions
Operating System
Hackers, terminated employees
Obtaining unauthorized access to sensitive system files based on known system vulnerabilities
Databases
Employees, contracted support personnel, terminated personnel
Gain unauthorized access to sensitive customer data.
Applications
Hackers, Organized Crime, and other Unauthorized Users
Dialing into the company’s network and accessing company proprietary data
Human Threat (Terminated employees)
Unauthorized users such as hackers, terminated employees, computer criminals, terrorists
Misusing known company secrets about the system by blackmailing the company
Protocols
Hackers, Organized Crime
Using customers information to sign into the system
Table 6 – Vulnerability Sources
System Security Testing
Turner Sport Digital system should perform vulnerability scanning, this process will
detect security loopholes within the system.
Development of Security Requirements Checklist
Table provides a checklist of security requirements suggested for use in determining Turner Sport Digital system’s vulnerabilities.
Security Area
Security Criteria
Operational Security
Controls to ensure the quality of the electrical power supply
Data media access and disposal
External data distribution and labeling
Facility protection (e.g., computer room, data center, office)
Temperature control
Workstations, laptops, and stand-alone personal computers
Technical Security
Communications (e.g., dial-in, system interconnection, routers)
Cryptography
Discretionary access control
Identification and authentication
Intrusion detection
Object reuse
System audit
Management Security
Assignment of responsibilities
Continuity of support
Incident response capability
Periodic review of security controls Personnel clearance and background investigations
Risk assessment
Security and technical training
Separation of duties
System authorization and reauthorization
System or application security plan
Table 7 – Security Requirements Checklist
STEP 4: CONTROL ANALYSIS
Control Methods
There are various control methods that can be used to mitigate potential threats. Risk can be reduced by improving risk information management and making changes in the Turner system design. Risk can also be neutralized through diversification across the system. Overall, some risks should be retained.
Control Categories
Vulnerability assessments help ensure that appropriate security precautions have been implemented and that system security configurations are appropriate. Detection measures involve analyzing available information to determine if an information system has been compromised, misused, or accessed by unauthorized individuals. Turner sports digital should have an effective incident response program outlined in a security policy that prioritizes incidents, discusses appropriate responses to incidents, and establishes reporting requirements. (FDIC 1999)
STEP 5: LIKELIHOOD DETERMINATION
Likelihood Level
Likelihood Definition
Low
The threat-source lacks motivation or capability, or controls are in place to prevent, or at least significantly impede, the vulnerability from being exercised.
Medium
The threat-source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability.
High
The threat-source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective.
Table 8 – Likelihood Determination
STEP 6: IMPACT ANALYSIS
Impact (Score)
Definition
Low (10)
Exercise of the vulnerability (1) may result in the loss of some tangible assets or resources or (2) may noticeably affect an organization’s mission, reputation, or interest.
Medium (50)
Exercise of the vulnerability (1) may result in the costly loss of tangible assets or resources; (2) may violate, harm, or impede an organization’s mission, reputation, or interest; or (3) may result in human injury.
High (100)
Exercise of the vulnerability (1) may result in the highly costly loss of major tangible assets or resources; (2) may significantly violate, harm, or impede an organization’s mission, reputation, or interest; or (3) may result in human death or serious injury.
Table 9 – Impact Definition (NIST 800-30)
STEP 7: RISK DETERMINATION
Impact
Threat likelihood
Low
Medium
High
(10)
(50)
(100)
Low Risk
Medium Risk
High Risk
High = 1.0
10 x 1.0 = 10
50 x 1.0 = 50
100 x 1.0 = 100
Low Risk
Medium Risk
High Risk
Medium = 0.5
10 x 0.5 = 5
50 x 0.5 = 25
100 x 0.5 = 50
Low Risk
Medium Risk
High Risk
Low = 0.1
10 x 0.1 = 1
50 x 0.1 = 5
100 x 0.1 = 10
Table 10 – Risk Determination
Risk-Level Matrix
Vulnerability
Low (10)
Medium (50)
High (100)
Risk Level
Applications = 0.5
25
Medium
Databases = 0.5
50
High
Server Configurations/Operating Systems = 1
100
High
Protocols = 0.1
25
Medium
Table 11 – Risk Level Matrix
Description of Risk Level
Risk Scale: High (>50 to 100); Medium (>10 to 50); Low (1 to 10)
Vulnerability
Likelihood Level
Applications
Medium
Databases
High
Server Configurations/Operating Systems
High
Protocols
Medium
Table 12 – Risk Level
STEP 8: CONTROL RECOMMENDATIONS
This section presents system related components with control recommendations to mitigate threats against Turner Sports Digital system vulnerabilities.
Applications– Application control gives Turner Sports Digital system knowledge about key areas regarding applications, web traffic, threats, and data patterns. Users can also benefit from application control by gaining a better understanding of applications or threats, applications’ key features and behavioral characteristics, details on who uses an application, and details on those affected by a threat. (Lord, 2019). Application control supports these processes and allows organizations to keep their finger on the pulse of what is happening within their network.
Databases – Recommend that users of the webserver provide authentication frequently
Protocols – Providing access control by assuring that only authorized users can access particular network resources. IPsec endpoints can also allow or block certain types of network traffic, such as allowing web server access but denying file sharing. Ensuring the confidentiality of data through the application of a cryptographic algorithm and a secret key, known only to the two parties exchanging data. The data that is transmitted can be decrypted only by someone who has the secret key. (Radack n.d.)
STEP 9: RESULTS DOCUMENTATION
This section provides the results of the risk assessment that describes the threats and vulnerabilities, measures the risk, and provides recommendations for control implementation.
Risk Assessment Results
Item 1
Observation – Server configuration
Vulnerability/Threat source – System/ disaster recovery
Existing Controls – none
Likelihood – High
Impact – High
Risk Rating – High
Recommended Controls – Require use baselining tools
Item 2
Observation – Data modification
Vulnerability/Threat source – Hackers
Existing Controls – Limited validation checks on inputs
Likelihood – Medium
Impact – High
Risk Rating – High
Recommended Controls – Guarantee the system parameters are validated before use
Adragna, T. (2018, October 26). How Your Brand Can Use the NBA’s Brilliant Digital Marketing Strategy. Retrieved April 23, 2019, from http://www.primitivesocial.com/blog/how-your-brand-can-use-the-nbas-brilliant-digital-marketing-strategy
Arul. (2019). Find the Web Server that a web site runs on. Retrieved May 01, 2019, from https://aruljohn.com/webserver/www.nba.com/warriors
Elbert, E. (2009). Identify technology on websites. Retrieved from http://www.wappalyzer.com/
FDIC – Federal Deposit Insurance Corporation. (1999, July). Risk Assessment Tools and Practices for Information System Security. https://www.fdic.gov/news/news/financial/1999/fil9968a.html
How to determine if a browser is using an SSL or TLS connection? (n.d.). Retrieved from https://security.stackexchange.com/questions/19096/how-to-determine-if-a-browser-is-using-an-ssl-or-tls-connection/169418
Kaufman, M. (2019, May 03). 5 Best Bass Headphones of 2019. Retrieved from http://www.forbes.com/sites/forbes-finds/2019/05/03/5-best-bass-headphones-of-2018/#cdf1ed52c57e.
Laird, S. (2014, November 12). Revealed: The conniving domain-squatters trolling an NBA team. Retrieved May 01, 2019, from https://mashable.com/2014/11/12/nba-nets-domain/
Lord, N. (2019). What is Application Control? Definition, Best Practices & More. Retrieved from https://digitalguardian.com/blog/what-application-control
Metivier, B. (2017, April 17). 6 Steps to a Cybersecurity Risk Assessment. Retrieved from https://www.sagedatasecurity.com/blog/6-steps-to-a-cybersecurity-risk-assessment
NIST – National Institute of Standards and Technology. (2002, July). Special Publication 800-30: Risk Management Guide for Information Technology Systems https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf
Radack, S. (n.d.). Protecting Sensitive Information Transmitted in Public Networks. Retrieved December 1, 2007 from http://www.itl.nist.gov/lab/bulletns/bltnapr06.htm
Request a Demo. (n.d.). Retrieved from https://pages.discoverorg.com/Turner-Broadcasting-System-Product.html?CPN=70116000000sZh6
Stone burner, G., Goguen, A., & Ferigna, A. (2015, June 19). Risk Management Guide for information Technology Systems. Retrieved from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30.pdf
Basketball Reference (n.d). Los Angeles Lakers. Retrieved from: https://www.basketball-reference.com/teams/LAL/
National Basketball Association. LA Lakers. Retrieved from:
https://www.britannica.com/topic/National-Basketball-Association
Orlov, S. (2009, January 9). LA Lakers Has a New Slogan. Retrieved from: https://www.dailybreeze.com/2009/01/09/la-has-a-new-slogan/
Research – Understanding dementia research – Types of research – Research methods. (2009). Retrieved from https://www.alzheimer-europe.org/Research/Understanding-dementia-research/Types-of-research/Research-methods
The Five Step Guide to Risk Assessment. (2013). Retrieved from
https://rospaworkplacesafety.com/2013/01/21/what-is-a-risk-assessment/
The First Game. (n.d.). Retrieved from https://www.nba.com/history/firstgame_feature.html
The NBA — 1946: A New League. (n.d.). Retrieved from https://www.nba.com/heritageweek2007/newleague_071207.html
