Risk Management the Video Game Industry Forms

¶ … Risk Management

The video game industry forms a significant part of the leading companies worldwide currently. The huge diffusion of the internet and associated information technologies over the recent years has raised the need of increased security. Advancement in technology consequently leads to the advancement of video games as well as associated security risks. Some of the common threats and vulnerabilities involving this industry include: misuse by human, hacking, fraud, virus attacks, among others. Such factors can facilitate adversities such as information loss and alteration, and unauthorized access. This paper identifies and assesses potential threats, malicious attacks, and vulnerabilities expected by the organization. It also gives the control procedures to mitigate the mentioned risks and vulnerabilities.

The Threats and Vulnerabilities

There are a number of dominant security threats involving technology and information that affect the organization. Such threats poise a serious disruption to the business continuity planning (BCP) cycle of the video game organization. These threats include system failure, network failure, virus attack, fraud, hacking, fabrication, and theft.

Enterprise Systems Security Weaknesses

The biggest enterprise weakness presents itself through acquisition processes. Acquisitions are a vital step in expanding a company's size, particularly, the video game company. Progressive involvement in acquisitions by the company can and does pave way for potential security weaknesses (Rahman and Morh 2011). The actual acquisition process involves the integration of many different systems, a process that could create possible, inherent security risks. There is the risk of providing too much access, blocking of valid network traffic or mistrust towards the domains might evolve. This process also could have the organization integrate with systems with unknown risks. The video game industry constitutes of programs with potential security risk s. As leverage to this factor is by use of common programs (e.g. Microsoft Office, Adobe Reader, and Quick Time). These programs act as a vector for infecting computers with internet access; hackers acquire information by using such infection vectors. Another security risk comes with the coding language that the video game organization uses to generate its products. All programming languages contain threats and vulnerabilities; the mode of writing the language influences such threats and vulnerabilities.

Potential Risks and Vulnerabilities on the Network

The video game organization runs a wide variety of networking devices manufactured from different sources. The networks usually comprise of the Local Area Network and the Wide Area Network used to interconnect the company's facilities. These interconnections create security risks whether properly or poorly done. Connection of the organization's WAN to the internet compromises the information that traverses the network prior to ignoring proper security procedures. The absence of safeguards e.g. firewalls, proper configurations and the intrusion detection system increase cases of unauthorized access. The organization should use proper configurations to prevent unauthorized access. Firewalls and other intrusion detection systems should also be employed.

System Software Risks

The video game company employs a wide variety of software and hardware components in running its operations. The use of common operating systems and server systems by the organization poses a serious security risk. Programming languages used in the video game creation process have security risks that they consequently integrate to some of the generated programs. Utilization of these programs creates risks within the enterprise. The organization throughout uses websites over the internet; web sites provide hackers with a weak access point to the organization's information. The hackers access the website to acquire personal information and credit card information that might be used to alter or destroy the databases. In order to prevent hacking, the organization should ensure the installation of security software called firewall, which blocks unauthorized entries. Storing backup information is also a vital strategy in case the attackers alter or destroy the data. Virus attack is another software threat, which involves the use of malicious software that compromise account information (account name and passwords) in the organization's network. This leads to fraudulent activities putting the electronically controlled businesses process at high risk. The organization can avert virus attacks is by employing the use of trusted antivirus software to block virus software. It is necessary to train the employees (programmers) on how to use the programming languages. This will reduce the creation of risks by the programs developed by the organization.

Enterprise System Hardware Threats

The video game industry also has a variety of system hardware throughout the company setting. Company servers are mainly from commonly known companies such as Dell, and HP. Hardware components called UPS's protect servers and workstations. Failure of a hardware component poses a risk to the company. The servers could be exposed to risks from spikes in the power and brownouts that might otherwise damage hardware components. Workstations within the video game organization are of a wide variety, depending on the type of work assigned to each employee. The determining factor of which system to utilize depends on the type of work performed b an employee e.g. 3D programmers and graphic designers might employ Apple systems while the normal programmers might utilize the normal PC. Using a common system for all workstation in the organization increases the hardware risks poised to attack the organization. Using different systems reduces the risk for the organization. System failure might result to computer network servers collapsing. This could in turn cause the loss of data information and halting business processes. Such scenarios might require lengthy repair time of up to a week. System failure can be dealt with by establishing a secondary recovery site through which the company redirects the internet. The establishment of a standard workstation of multiple workstations in the organization serves as a formal mitigation scheme for the potential risks and vulnerabilities. It is also beneficial to use standard images in order to help ensure that all hardware and workstations systems have the correct updates, patches, and settings.

Security Requirements

System Requirement Policies: The video game organization should develop system security policies e.g. The enterprise information security policy (EISP); to provide a corporate philosophy on security laying out the responsibilities required to ensure the organization's security, and system -- specific policy (SSP); this covers the managerial guidance and technical specifications requiring quick address (Rahman, October 2011). The combination of these policies covers the company's security in regards to systems policies. There is also need to establish information security training programs considering the elements of security education, training and awareness. Security training programs will equip the employees with knowledge and skills necessary for preventing and addressing security issues. The element of security awareness provides employees with vital information on the potential threats and malicious attacks that the organization faces. Information security review is also essential to determine whether the established system security policies and effectively working in the organization setting.