Framework Compliance Assessment Report: Riot Games Case Study

Verified

Added on 2023/01/04

AI Summary

This report provides an analysis of the NIST Cybersecurity Framework, focusing on its functional areas (Identify, Protect, Detect, Respond, Recover), implementation tiers (Partial, Risk Informed, Repeatable, Adaptive), and the use of profiles. The report includes a case study of Riot Games, a software development company, examining the application of the framework to address cybersecurity risks. It explores the cybersecurity life cycle (Reconnaissance, Initial compromise, Command & control, Lateral movement, Target attainment, Exfiltration, corruption, and disruption) and methodologies employed by Riot Games, including the use of RFCs and the challenges faced by the company. The conclusion emphasizes the importance of adaptive learning and proactive measures for organizations to mitigate potential threats. The report also includes references to relevant academic resources.

Running Head: CYBER SECURITY FRAMEWORK
CYBER SICURITY
Name of the University
Name of the Student
Author note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1NIST CYBER SECURITY FRAMEWORK AND APPLICATION
2. NIST Cyber Security
NIST framework for cybersecurity is a fundamental structure of cybersecurity that is
used by the individual or organization as a key to access and point out the security issues that
are faced and develop to a “current profile” which properly explains the cyber activities and
the outcome the organization is achieving.
2.1. Functional Area
The main functional areas in which NIST helps an organization to build up a security
firewall and deals will the issues are (Stouffer et al., 2017)-
i. Identify
ii. Protect
iii. Detect
iv. Respond
v. Recover
2.2. Implementation Tier
The Implementation tires describe the efficiency of a company’s cybersecurity
program and the deviation from the characteristics proposed framework (Keller, 2017). It
consists of four layers-
i. Partial Tier.
ii. Risk Informed Tier
iii. Repeatable Tier

2NIST CYBER SECURITY FRAMEWORK AND APPLICATION
iv. Adaptive Tier
2.3. Profiles
Profiles define the unique alignment to deal with the results of the core framework
which includes- the requirements, risk processed and activities against undesirable outcomes.
It is used to improve the cybersecurity structure by comparing the “Target” profile with the
“current”. It is the way to optimize the framework to serve the organization in the best way
possible. To approach a proper profile an organization is needed to map their security events,
objective, and methodologies against the cybersecurity framework, to create the most suitable
current state profile.
3.1. Application
In this report, the application and practice of a cyber-security program are discussed,
depending upon a company- Riot Games, Inc., California, US.
3.1.1. Life Cycle
Most of the organization that depends upon IoT services are suffering from the risk of
hacking. On the modern approach, MTTD and MTTR are used to deal with those issues
where firework points out and kill the threats as early as possible on the life cycle that
minimizes the cost of downstream (Ross, 2018). The cyber security life cycle consists of six
stages-
i. Reconnaissance
ii. Initial compromise
iii. Command & control
iv. Lateral movement
v. Target attainment

3NIST CYBER SECURITY FRAMEWORK AND APPLICATION
vi. Exfiltration, corruption, and disruption
3.1.2. Framework and Methodologies to manage risks
i. Riot Games is a software development company that uses the NIST
cybersecurity framework which can detect malware on Riot games server but
wasn’t working properly and taking a long time in user end causing a late
retaliation of getting hacked of the user (Chikish, Carreras & Garcia, 2019).
ii. The company should develop security features by his own or third party to
prevent a user from getting hacked for which company is also suffering from
cyber-attacks like- DDOs, Fishing, Scam causing face lose and revenue loss of
the company.
iii. Currently, Riot Games is using RFCs which plays a vital role in designing and
guiding of their security framework- AWS Security, OFFICE Security which
is the key feature to defend against piracy.
4. Conclusion
From the above discussion, it could be concluded that on the era of IoT dependent
organization, to keep the flow of business IT companies like Riot Games should develop a
way to learn adaptively to deal with the possible threats, for the benefit of both company and
consumer.
5. Reference
Chikish, Y., CARRERAS, M., & García, J. (2019). eSports: a new era for the sports industry
and a new impulse for the research in sports (and) economics?. In Sports (and)
economics (pp. 477-508). Fundación de las Cajas de Ahorros (FUNCAS).
Keller, N. (2017). New to Framework. Framework.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4NIST CYBER SECURITY FRAMEWORK AND APPLICATION
Ross, R. S. (2018). Risk Management Framework for Information Systems and
Organizations: A System Life Cycle Approach for Security and Privacy (No. Special
Publication (NIST SP)-800-37rev2).
Stouffer, K., Zimmerman, T., Tang, C., Lubell, J., Cichonski, J., & McCarthy, J.
(2017). Cybersecurity framework manufacturing profile (No. NIST Internal or
Interagency Report (NISTIR) 8183 (Withdrawn)). National Institute of Standards and
Technology.