Cyber Security Report: Risk Assessment for Riot Games Cyber Security

Verified

Added on 2023/01/04

AI Summary

This report provides a comprehensive analysis of the cyber security framework for Riot Games, focusing on risk assessment conducted in accordance with the NIST cybersecurity framework. It identifies potential threats, communication strategies, documentation, and response measures. The assessment highlights instances where NIST controls are not applicable, suggesting alternative solutions, such as integrating third-party security software within the game. The report also examines the primary risks associated with implementing security measures for both the company and its clients, including costs, software quality issues, and the necessity of user permissions. Furthermore, the report discusses project management strategies, compliance gaps, and cost-benefit analysis. The report concludes by summarizing the main points, emphasizing the need for Riot Games to address competitive pressures and maintain customer loyalty through innovation.

Running head: CYBER SECURITY
CYBER SECURITY
Name of the Student:
Name of the University:
Author Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1CYBER SECURITY
Executive Summary
In this report, the cyber security framework of the company Riot games is discussed. The risk
assessment is conducted as per the controls presented in the NIST cyber security framework.
The scope of the risk assessment conducted is limited to the identification, communication,
documentation, evaluation of the threats and the response against them. The results of the risk
assessment presented in this report clearly states the cases where the NIST cyber security
framework controls cannot be applied and how this security gap can be compensated using
other measures. The report mentions the use of inbuilt third party security software bundled
in game software to improve the security of their customer or user systems remotely. This can
help in implementing the missing controls of the risk assessment framework. The report also
discusses on the major risks associated with implementing security measures for both the
company’s system and their client systems. The main risks reported are the extra permissions
required for installing extra software on client end devices, the cost of developing the security
software and the repercussions due to the weak quality or failure of the software. The security
software developed can have a tremendous impact on the company if it fails to perform the
task it was designed for. Not only can that software be used for criminal purposes by the
cyber criminals but the responsibility of the user system getting hacked will also be pinned on
the software. The cost associated with developing a software is huge and a failure in
developing the final product can be huge. Not only from a cyber-perspective but from a
general standpoint there are many risks that the company Riot games may face. The main
sources of these risks are the software being developed, the users, the partner companies and
the third party contractors. The main risks associated with these sources are a failure to
properly devise a developmental strategy, inadequate staff members for the company,
improper schedule and budget management resulting in bankruptcy, customer base loyalty
shifting to another game, the change of leadership or management in the company, partner

2CYBER SECURITY
company expectations not met or disagreement, partners losing trust in the parent company
and the company losing the backing of top management. All these are critical risks which can
result in failure of the project. The main strategies associated with the project management
are developing prototypes and construct pre-production stages that can be used to identify
risks beforehand and develop risk mitigating strategies. This method can also save a lot of
money and time later on. The report states the main gaps in the cyber security framework
and the compliance gaps that have developed due to them. Among the biggest compliance
gap the report states the security gaps in client side customer computers is one of the biggest
security risk. The report mentions strategies such as the use of third party software or inbuilt
home developed security software that can be used to fill the gap in the compliance. This can
be prioritized by conducting surveys about internet security measures in customer computers
and the most popular third party security service being used globally. The report states that
after completing the survey it is necessary to take actions based on the survey reports to
contact third party security companies to jointly develop and improve the security aspect of
their gaming software. As the whole game is hosted online and is real time, it is very
important to make the game safe from cyber-attacks and to keep the company game servers
running and the information of their clients safe from cyber-attacks. The report also discusses
the cost benefit analysis of the company Riot games. The report states that the company
makes an annual revenue of 1.8 billion dollars from its product. The company has limited
employees due to its web based nature and invests heavily in development and security of
their software. The company spends a significant amount on the maintenance of their servers.
Due to huge number of customers served by the company, the company owns multiple mega
servers region wise to handle traffic. Overall it can be said that the company makes sufficient
profit after all costs and third party payments. The company is valued at around $21 billion.
To conclude the company has to get over many obstacles like shifting loyalties of customers

3CYBER SECURITY
and growing competition in their market segment. The company must develop strategies to
counter them by introducing innovative changes in their existing products or develop new
products to keep their biggest assets that is their customer base interested in their products.
The report concludes with a summary of the main points of the report.