Disclaimer: This is an example of a student written essay.
Click here for sample essays written by our professional writers.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UKEssays.com.

Risk Assessment of the National Basketball Association

Paper Type: Free Essay Subject: Leisure Management
Wordcount: 6456 words Published: 18th May 2020

Reference this

Abstract

The National Basketball Association (NBA) is an all men’s professional basketball league located in North America; founded in New York City on June 6th, 1946, as the Basketball Association of America (BAA). The league compromises of 30 teams (29 teams located in the United States and 1 located in Canada – Toronto Raptors). The teams are divided evenly into two conferences (Eastern and Western) with 6 divisions, 5 teams each.  It is extensively considered as the greatest basketball league in the world. The NBA team that would be focused on this project is the Los Angeles Lakers.

Get Help With Your Essay

If you need assistance with writing your essay, our professional essay writing service is here to help!

Essay Writing Service

           Los Angeles Lakers is an American professional basketball team based in Los Angeles. Founded in 1947, the Lakers are one of the NBA’s most famous and successful franchises. The Lakers are one of the most successful and popular professional franchises in all American sports. The Lakers compete in the National Basketball Association (NBA), as a member club of the league’s Western Conference Pacific Division. 

  The franchise has won a combined 16 Basketball Association of America (BAA) and National Basketball Association (NBA) titles. Their last being in 2010. The Laker’s fan base is believed to be one of the best in NBA because of their relentless support for their team during the winning and losing streaks. The key business area for the Lakers is the sale of merchandise, tickets, advertisement, and News. The goal of this project is to select key areas of the Laker’s website and assess it.

The key business area for the Los Angeles Lakers is the sale of merchandise, tickets, advertisement, and News. According to Forbes NBA valuation 2019, the Los Angeles Lakers is the second most valued team at 3.7 billion, coming behind the New York Knicks (4 billion) and Golden States Warriors (3.5 billion).

Table of Contents

Executive Summary

1. INTRODUCTION

Purpose

Scope

Background (Team Profile)

Los Angeles Lakers Management

2. Risk Assessment Approach

Risk model

Risk Assessment team

3. RISK ASSESSMENT

STEP 1: SYSTEM CHARACTERIZATION

Information-Gathering Techniques

System-Related Information

Data collected by the system

System Users

STEP 2: THREAT IDENTIFICATION

Threat-Source Identification

Motivation and Threat Actions

STEP 3: VULNERABILITY IDENTIFICATION

Vulnerability Sources

System Security Testing

Development of Security Requirements Checklist

STEP 4: CONTROL ANALYSIS

Control Methods

Control Categories

STEP 5: LIKELIHOOD DETERMINATION

STEP 6: IMPACT ANALYSIS

STEP 7: RISK DETERMINATION

Risk-Level Matrix

Description of Risk Level

STEP 8: CONTROL RECOMMENDATIONS

Applications

Databases

Protocols

STEP 9: RESULTS DOCUMENTATION

Risk Assessment Results

Appendix A. References

Executive Summary

The National Basketball Association (NBA) is an all men’s professional basketball league located in North America; founded in New York City on June 6th, 1946, as the Basketball Association of America (BAA). The league compromises of 30 teams (29 teams located in the United States and 1 located in Canada – Toronto Raptors). The teams are divided evenly into two conferences (Eastern and Western) with 6 divisions, 5 teams each.  It is extensively considered as the greatest basketball league in the world. The NBA team that would be focused on this project is the Los Angeles Lakers.

The NBA had revitalized its strategy by giving players their own platforms such as doing advertisements for companies and having huge social media presence, leading to high ratings of each seasons. Through the organizations digital marketing strategy, the NBA creates content that fans crave. The NBA also employs several expert writers that create content on the league’s website (NBA.com) for those that are interested in everything happening league-wide. Each team also employs an expert writer that writes game recaps, articles, and other stories on their team website. Fans are able to go to their favorite team’s website and see everything that’s going on. (Adragna, 2018). On the NBA website, Fans can purchase tickets to the games. Also provided is 

This project has been assigned to students in INFA 610 9082 Foundations of Information Security and Assurance, University of Maryland, University College. The goal of the project is to conduct a risk assessment of an organization and I have chosen National Basketball Association (NBA), specifically the Los Angeles Lakers. This risk assessment assesses the use of resources and controls to eliminate and/or manage vulnerabilities that are exploitable by threats internal and external to National Basketball Association (NBA) web sites.  For the purposes of this risk assessment, the Los Angeles Lakers (developed by Turner sports digital). Though the NBA teams are stand-alone teams, the NBA provides, and overarching website and each team website is just an extension of NBA website. The focus will be on the NBA as all the teams will have a similar assessment when it comes to their information system.

1.    INTRODUCTION

Purpose

 The purpose of this risk assessment is to identify vulnerabilities and threats related to the Los Angeles Lakers franchise of the National Basketball Association (NBA). The risk assessment will identify major risk areas related to NBA team information technology systems.  

 Scope

NBA.com is part of Turner Sports Digital, part of the Turner Sports & Entertainment Digital Network. In order to avoid domain squatters trolling on NBA teams, the organization created a smart idea to have team’s website as an extension of the official NBA website. All teams’ websites though individually operated as part of the Turner Sports Digital but has a certain degree of uniqueness from other teams. Keeping this in mind Each NBA team is franchised and independently operated. Yet, this risk assessment will be of utmost importance for any of the thirty teams in the league. Due to the uniqueness of how the NBA teams website are setup, this risk assessment could be viewed as belonging to the Los Angeles Lakers but can also be considered to have relevance to any team of the NBA team as the  website provides very similar content, merchandise and tickets pertaining to each team.

Background (Team Profile)

  1. Team Name – Los Angeles Lakers
  2. Team Location – Los Angeles, California 
  3. Industry – National Basketball Association
  4. Stadium/Arena – Staples Center
  5. Company profile – Los Angeles Lakers Inc , LLC
  6. Website – https://www.nba.com/lakers/

Los Angeles Lakers Management

  1. Chief Executive Officer – Francis R. Mariani
  2. President and Chief operating officer – Tim Harris
  3. Senior Vice President – Joe McCormack

 

2.    Risk Assessment Approach

Risk model

 The risk model was conducted in accordance with the standard risk assessment methodology used within the U.S. federal government described in National Institute of Standards and Technology (NIST) Special Publication 800-30; Risk Management Guide for Information Technology Systems. Using the NIST  800-30 assessment framework to address an organization information security risk management will separate assets into distinct and integrated tiers that help streamline the risk assessment process and to reduce the organizations inventory of threats and controls. NIST provides guidance for categorizing determining impact levels and security control baselines. According to NIST, risk is view from three different levels; organization level, Business process level and Information system level. Using the NIST 800-30 framework, organizations can better grasp on how to keep their information as secure as possible.

Risk Assessment team

Role

Name

Chief Technology Officer

Vice President, Technology & Product (Turner Data Cloud)

Vice President, Software Development

Technical Director, Software & User Experience

Senior Technical Manager, Quality Assurance

Vice President, Core Technology and Content Services

Head of Media & Software services

Table 1 – Risk assessment team

3.    RISK ASSESSMENT

STEP 1: SYSTEM CHARACTERIZATION

The website of the Los Angeles Lakers is developed and maintained by Turner Sports Digital, part of the Turner Sports & Entertainment Digital Network. The company was founded by Ted turner in 1965 but merged with Time Warner in 1996. Currently, Turner sports is a part of Warner Media after the merger of AT&T and Time warner. The system is used to provide full coverage of the NBA’s Los Angeles Lakers via the NBA.com/warriors web site.  The websites include news about the team, scores, schedule, stats, video recaps. The system is also used for e-commerce.

Information-Gathering Techniques

The information gathering techniques used to perform this risk assessment includes the use of document review, journals, the Internet and research information from NIST.

System-Related Information

The following components in Table 2 identify system-related information for Turner Sport Digital

 

Component

Description

Applications

Web page developed by Turner Sport Digital Inc.  Uses custom application development: Java, AWS cloud front

Databases

MySQL

Server Configurations/Operating Systems

AkamaiGHost, Nginx web server 

Protocols

Uses TLS (Transport layer security) for transmission between client web browser and web server

 

Table 2 – System Information

Data collected by the system

 

Data collected when purchasing NBA league pass/ tickets from the Los Angeles Lakers website is listed below

Data

Description

Account information

  • Email address
  • Password

Personal Information

  • Name
  • Address
  • Phone number

Ordering Information

  • Date
  • Quantity
  • Seat number
  • Method of getting ticket (email, text)

Financial Information

  • Credit card number
  • Expiration date
  • Card Security code
  • Transaction number

Table 3 – Data Collected

 

System Users

 

Users

Description

Turner Sports Digital IT Personnel

  • Provide security configuration of the system
  • Manage system network and firework

Customers

  • Customer are able to access the system through web browser or NBA mobile application.
  • Can created a system account with email and password
  • Purchase merchandise and tickets
  • Update

Nba.com/warriors operations personnel

  • Use information in database to create reports for management

Table 4 – System Users
 

STEP 2: THREAT IDENTIFICATION

Threat-Source Identification

 Threat sources can be Natural, Human or Environmental threats. Natural threats are Floods, earthquakes, tornadoes. Human threats are events that are caused by humans deliberately for example, network-based attacks, malicious software upload, unauthorized access to confidential information or unintentionally, for example wrong data entry.

For this risk assessment, the major threat source is human threat.

Motivation and Threat Actions

Threat- Source

Motivation

Threat Actions

Computer criminal

Destruction of information Illegal information disclosure

Fraudulent act such as interception

Information bribery Spoofing

Insiders

Monetary gain Revenge Unintentional errors and omissions (e.g., data entry error, programming error)

• Fraud and theft • Information bribery • Input of falsified

System sabotage • Unauthorized system access

Industrial espionage

Competitive advantage Economic espionage

Information theft

System penetration Unauthorized system access

Terrorist

Blackmail Destruction

System tampering

 Bomb/Terrorism

Table 5

STEP 3: VULNERABILITY IDENTIFICATION

Vulnerability Sources

Vulnerability

Threat- Source

Threat Actions

Operating System

Hackers, terminated employees

Obtaining unauthorized access to sensitive system files based on known system vulnerabilities

Databases

Employees, contracted support personnel, terminated personnel

Gain unauthorized access to sensitive customer data.

Applications

Hackers, Organized Crime, and other Unauthorized Users

Dialing into the company’s network and accessing company proprietary data

Human Threat (Terminated employees)

Unauthorized users such as hackers, terminated employees, computer criminals, terrorists

Misusing known company secrets about the system by blackmailing the company

Protocols

Hackers, Organized Crime

Using customers information to sign into the system

Table 6 – Vulnerability Sources

System Security Testing

 Turner Sport Digital system should perform vulnerability scanning, this process will

detect security loopholes within the system.

Development of Security Requirements Checklist

Table provides a checklist of security requirements suggested for use in determining Turner Sport Digital system’s vulnerabilities.  

Security Area

Security Criteria

Operational Security

  • Controls to ensure the quality of the electrical power supply
  • Data media access and disposal
  • External data distribution and labeling
  • Facility protection (e.g., computer room, data center, office)
  • Temperature control
  • Workstations, laptops, and stand-alone personal computers

Technical Security

  • Communications (e.g., dial-in, system interconnection, routers)
  • Cryptography
  • Discretionary access control
  • Identification and authentication
  • Intrusion detection
  • Object reuse
  • System audit

Management Security

  • Assignment of responsibilities
  • Continuity of support
  • Incident response capability
  • Periodic review of security controls Personnel clearance and background investigations
  • Risk assessment
  • Security and technical training
  • Separation of duties
  • System authorization and reauthorization
  • System or application security plan

Table 7 – Security Requirements Checklist

STEP 4: CONTROL ANALYSIS

Control Methods

There are various control methods that can be used to mitigate potential threats. Risk can be reduced by improving risk information management and making changes in the Turner system design. Risk can also be neutralized through diversification across the system. Overall, some risks should be retained.

Control Categories

 Vulnerability assessments help ensure that appropriate security precautions have been implemented and that system security configurations are appropriate. Detection measures involve analyzing available information to determine if an information system has been compromised, misused, or accessed by unauthorized individuals. Turner sports digital should have an effective incident response program outlined in a security policy that prioritizes incidents, discusses appropriate responses to incidents, and establishes reporting requirements.  (FDIC 1999)

STEP 5: LIKELIHOOD DETERMINATION

Likelihood Level

Likelihood Definition

Low

The threat-source lacks motivation or capability, or controls are in place to prevent, or at least significantly impede, the vulnerability from being exercised.

Medium

The threat-source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability.

High

The threat-source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective.

Table 8 – Likelihood Determination

STEP 6: IMPACT ANALYSIS

Impact (Score)

Definition

Low (10)

Exercise of the vulnerability (1) may result in the loss of some tangible assets or resources or (2) may noticeably affect an organization’s mission, reputation, or interest.

Medium (50)

Exercise of the vulnerability (1) may result in the costly loss of tangible assets or resources; (2) may violate, harm, or impede an organization’s mission, reputation, or interest; or (3) may result in human injury.

High (100)

Exercise of the vulnerability (1) may result in the highly costly loss of major tangible assets or resources; (2) may significantly violate, harm, or impede an organization’s mission, reputation, or interest; or (3) may result in human death or serious injury.

Table 9 – Impact Definition (NIST 800-30)

STEP 7: RISK DETERMINATION

Impact

Threat likelihood

Low

Medium

High

(10)

(50)

(100)

Low Risk

Medium Risk

High Risk

High = 1.0

10 x 1.0 = 10

50 x 1.0 = 50

100 x 1.0 = 100

Low Risk

Medium Risk

High Risk

Medium = 0.5

10 x 0.5 = 5

50 x 0.5 = 25

100 x 0.5 = 50

Low Risk

Medium Risk

High Risk

Low = 0.1

10 x 0.1 = 1

50 x 0.1 = 5

100 x 0.1 = 10

Table 10 – Risk Determination

Risk-Level Matrix 

Vulnerability

Low (10)

Medium (50)

High (100)

Risk Level

Applications = 0.5

25

Medium

Databases = 0.5

50

High

Server Configurations/Operating Systems = 1

100

High

Protocols = 0.1

25

Medium

Table 11 – Risk Level Matrix

Description of Risk Level

Risk Scale: High (>50 to 100); Medium (>10 to 50); Low (1 to 10)

Vulnerability

Likelihood Level

Applications

Medium

Databases

High

Server Configurations/Operating Systems

High

Protocols

Medium

Table 12 – Risk Level

STEP 8: CONTROL RECOMMENDATIONS

 This section presents system related components with control recommendations to mitigate threats against Turner Sports Digital system vulnerabilities.

Applications– Application control gives Turner Sports Digital system knowledge about key areas regarding applications, web traffic, threats, and data patterns. Users can also benefit from application control by gaining a better understanding of applications or threats, applications’ key features and behavioral characteristics, details on who uses an application, and details on those affected by a threat. (Lord, 2019). Application control supports these processes and allows organizations to keep their finger on the pulse of what is happening within their network.

DatabasesRecommend that users of the webserver provide authentication frequently

ProtocolsProviding access control by assuring that only authorized users can access particular network resources. IPsec endpoints can also allow or block certain types of network traffic, such as allowing web server access but denying file sharing.  Ensuring the confidentiality of data through the application of a cryptographic algorithm and a secret key, known only to the two parties exchanging data. The data that is transmitted can be decrypted only by someone who has the secret key. (Radack n.d.)

STEP 9: RESULTS DOCUMENTATION

This section provides the results of the risk assessment that describes the threats and vulnerabilities, measures the risk, and provides recommendations for control implementation. 

Risk Assessment Results

Item 1
  • Observation – Server configuration
  • Vulnerability/Threat source – System/ disaster recovery
  • Existing Controls – none
  • Likelihood – High
  • Impact – High
  • Risk Rating – High
  • Recommended Controls – Require use baselining tools
Item 2
  • Observation – Data modification
  • Vulnerability/Threat source – Hackers
  • Existing Controls – Limited validation checks on inputs
  • Likelihood – Medium
  • Impact – High
  • Risk Rating – High
  • Recommended Controls – Guarantee the system parameters are validated before use
     

Appendix A. References

 

Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have your work published on UKEssays.com then please: