Framework Compliance Assessment Report: Cybersecurity for Riot Games


Added on  2023/01/04

AI Summary
This report assesses the cybersecurity framework for Riot Games, focusing on ISO 27001 compliance. It examines the company's business objectives, particularly the security of online games and player data, and identifies key cybersecurity risks such as DDoS attacks. The report proposes solutions, including the use of cloud services and robust internet service providers to mitigate these risks. It emphasizes the importance of data privacy and the collection of only essential user information, aligning with privacy principles and in-game data collection agreements. The report also references relevant academic papers and industry standards to support its analysis and recommendations, providing a comprehensive overview of Riot Games' cybersecurity posture and recommendations for improvement.
ISO/IEC 27001 Cybersecurity Framework for Riot Games, Inc.
1. The business chosen is Riot Games, Inc. The ISO/IEC 27001 cybersecurity framework
helps address the company's information security needs. It helps the business achieve
its benefits while observing its regulatory and legal requirements. ISO/IEC 27001 is an
international standard, which makes it especially useful for global operations such as
those of Riot Games.
2. Riot Games is an international organisation, and its business needs focus mainly on the
security of its players around the world and of the online game itself. ISO 27001 is
useful here because it helps protect these components and, once certified, can be
implemented on a global scale.
3. The main cybersecurity risk for Riot Games is the DDoS attack, which hampers the
performance of the online game and sometimes results in its servers going down for longer
periods. It can be prevented by using a cloud service or an ISP with massive bandwidth that
can accommodate all the DDoS attacks to prevent performance loss.
4. The company collects only the information that is absolutely necessary and does not steal
sensitive user data, which could result in a breach of privacy. The game developers provide
users with agreements that include all the privacy principles and the data they will collect
from the users. Permission is asked in-game before the data is collected.