Congratulations! You’re still employed! Now that you’ve got your business problems and stakeholders for your Park Area identified and sent off to the team for review it’s time to shift focus to security and risk. Since some of your problems undoubtedly addressed “all the problems of a major theme park and a major zoo” you’ve already started thinking about security and risk.

If you haven’t started thinking about security and risk here’s a video to get you in the mood (https://youtu.be/MVSHxhT_sBc):

The video focuses on physical security, of course, but that should get you in the security frame of mind.

Your first step is to brainstorm what sorts of security and risk problems your Park Area might have. Again, this is a “think of them and type them down” exercise. You don’t need to submit a formal document, just make sure what you submit is readable – the sort of document you’d turn into the team leader for review. If you didn’t include them last time, remember to include the worst possible situations that might happen – up to and including an asteroid strike. 

Speaking of amusement parks and zoos, here are some regulatory resources to look over – some of these are based on the USA, so if the park isn’t under the jurisdiction of the US you will need to invent some regulations to be in compliance of.

• IAAPA Regulations and Standards http://www.iaapa.org/safety-and-advocacy/safety/amusement-ride-safety/regulations-standards
• “Amusement park regulations, inspections different from state to state; no federal oversight” http://www.foxnews.com/travel/2013/07/29/amusement-park-regulations-inspections-different-from-state-to-state-no-federal/
• USDA Zoo, Circus and Marine Animals http://awic.nal.usda.gov/zoo-circus-and-marine-animals
• Association of Zoos & Aquariums https://www.aza.org/
• CITES (the Convention on International Trade in Endangered Species of Wild Fauna and Flora) https://cites.org/eng/disc/what.php
• Restaurant Law http://www.restaurantlawonline.com/
• Regulations.gov http://www.regulations.gov/#!faqs

So, your next step will be to invent (or embrace) some regulations that your area will need to be in compliance of. Come up with at least five.

As we indicated in the Weeks 3 and 4 assignment compliance, while necessary, is not the reason for a risk management program. Risk management seeks to identify, protect, detect, respond, and recover from/to events that effect the assets of the business. In our class we’ll be using a very basic version of the NIST Cybersecurity Framework (CSF) to guide you through the process of handling your assets.

Note: Many of you do not have a security/risk background and that is okay for this exercise; the important thing is that you know this is out there and can speak up in the real world and try to get security and risk considerations involved early on in whatever planning phase there is. Please consult security and risk professionals to assist you in that case.

We will focus on the Categories and Subcategories columns – if you want to fill out the Informative References, based on your invented or embraced regulations for your own purposes you may.

We want to develop outcomes and activities. The NIST CSF documentation (http://nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf – look for section 2.1 Framework Core) explains categories as “the subdivisions of a Function into groups of cybersecurity outcomes closely tied to programmatic needs and particular activities” and subcategories as “outcomes of technical and/or management activities”. You can read about the guidelines for what goes under the various functions in the pdf. 

What you will be turning in for Task 2, to the Task 2 Discussion Board and the Task 2 Files link:

1. Brainstormed list of security and risk problems your Park Area might have
2. Invented or embraced list of five regulations for your Park Area
3. A chart, based on the NIST CSF, with Categories and Subcategories filled out for the Functions, applicable to your Park Area.
4. A one-page, 250 word document persuading your most influential stakeholder why it’s important to consider security and risk when designing the IT systems for your Park Area.

***Make sure you specify on any documents you turn in what your Park Area is. ***

Below links give complete information about my theme park

Park Area 2 is responsible for the dinosaur viewing attractions including Cretaceous Cruise (http://www.jurassicworld.com/park-map/cretaceous-cruise/ – including the special White-water rafting experience), Gyrosphere (http://www.jurassicworld.com/park-map/gyrosphere/), Mosasaurus Feeding Show (http://www.jurassicworld.com/park-map/mosasaurus-feeding-show/), and Underwater Observatory.