Comp427, Spring 2018, Homework 1

Rational Paranoia

The homework specifications, as well as the corresponding course slide decks, can be found on the Comp427 Piazza. This assignment is due Thursday, January 17 at 6 p.m.

You will do this homework by editing the README.md file. It's in MarkDown format and will be rendered to beautiful HTML when you visit your GitHub repo.

Student Information

Please also edit README.md and replace your instructor's name and NetID with your own:

Student name: Namanh Kapur

Student NetID: nkk1

Your NetID is typically your initials and a numeric digit. That's what we need here.

If you contacted us in advance and we approved a late submission, please cut-and-paste the text from that email here.

Problem 1

• Scenario: {Stadium}
• Assumptions:
  • I assume the stadium has an ovalish shape and contains a roof, playing field, and seating area, as well as a surrounding walkway for stalls and concessions. I will also assume the stadium in question includes a parking lot and doesn't border any buildings, bodies of water, or parks.
• Assets:
  • Spectators
    • People
      • The spectators vastly outnumber any other group of people in the stadium and directly contribute to revenue by purchasing (one-time or season) tickets, food, and team merchandise. Any harm to the public spectators would cause a news frenzy and feelings of distrust and fear. This may lead to a decline in attendance at games.
    • Property
      • Most fans arrive at the stadium by car and must park their vehicles. At packed games, this means a multitude of cars either in a garage or out in the open. Further, many times, large items are not allowed in the stadium and can either be left in the car or coat-checked by a third-party service. We must ensure cars are not stolen, broken into, or damaged and that coat-checked items are safely kept and returned at the end of the game. If not, the public may start to question our stadium security and feel unsafe.
  • Teams
    • Players/Coaches
      • This asset refers to both the home and away teams. If players are attacked either physically or non-physically, they may be less inclined to return to the field. Even if they end up playing again, they may be preoccupied about their safety and not perform at their best. As for the coaches, they oversee play calls and overall strategy. Most offensive/defensive coaches wear headsets, so we need to make sure the microphones and/or sound-waves travelling through the air are not compromised.
    • Playbooks/Strategy
      • Many times, physical copies of playbooks float around the team's bench area. For the integrity of the sport and to ensure fans continue to believe games aren't rigged or fixed, we need to protect each team's playbook in the name of fairness.
  • Stadium Staff
    • Once again, like the spectators and players, the staff are people and their safety matters. Further, these people have special access to the stadium as they are employees so we must ensure they aren't engaging in dangerous/illegal behaviors.
  • Stadium Structure
    • This asset is where all the above assets reside. We must ensure there is no danger to the stadium's structure as any weakness can force the whole stadium to collapse. This can cause irreplaceable damage including the loss of human lives and millions of dollars.
• Threats:
  • Small Crimes
    • Vandalism/Damage/Theft
      • We would want to protect the stadium from any vandalism and damage. Further, we must ensure any personal belongings (items and potential cars) are not compromised. Otherwise, our stadium may gain a reputation of being unsafe.
    • Illegal Selling of Tickets
      • Many times, right before the start of a game, people sell bootlegged tickets right outside the stadium. We want to minimize this activity.
    • Violence
      • We want to make sure no one gets hurt at any point in the game. Fights can often break out at big rivalry games and tensions are high.
  • Terrorism
    • We would want to defend against any terrorist attack as this would affect any people in the stadium as well as the structure of the stadium.
  • Open Roof
    • There is of course an opportunity for a terrorist air attack if the roof is open. Additionally, there is a possibility of severe weather including lightning, winds, and hail. For the safety of the people in the stadium, we must protect against these climate threats.
  • Box Seats Being Sabotaged
    • Many companies and high-profile organizations have box seats at stadiums. We should protect these box suites especially as they are often the result of highly profitable parternships and sponsorships.
• Countermeasures:
  • Having Security at Many Locations
    • We would want to have a special team assigned to the parking lot to ensure safety of the cars and other personal belongings. Police stationed here would also decrease the sale of illegal tickets. This in turn would increase public trust and potential revenue from legal, direct-from-stadium or through verified partner sales.
    • We would also want to have security at the many stadium entrances to check bags and people as they enter the premises, as well as security around the walkways connecting the stadium seats to the concession stands and other stalls. This would also protect people in the box suites. Seeing people in uniform all around the stadium has two benefits: actual safety and believed safety, meaning people will be more likely to show-up to and stay at games.
  • Ensuring Newest Technologies
    • To combat against counterfeit tickets, we should ensure our barcode scanners use the latest technologies. As for the coaches' microphones, we want to ensure there is sufficient end-to-end encryption. Further, we should encourage teams to view their playbooks on secure, digital devices rather than on paper. New technology can be quite expensive in the short-term because of initial costs, but once the system has been fully integrated, the stadium will see more money from ticket sales and teams will feel better about communication on the field.
  • Automatic Roof-Closing System
    • For the roof, we should have an automatic system that triggers in case of severe weather and alerts chief operators at the stadium, while automatically closing the roof to keep the area safe. This is a must have and there really is only a one-time cost of implementation, and then a low maintenance cost thereafter.
  • Natural Disaster Response
    • The stadium should be built to withstand earthquakes and high-winds. This is usually part of city/state-wide codes and regulations anyway.
  • Vetting Stadium Staff
    • We should make sure we have rigorous background-checks and psychological assessments conducted of our staff members on a regular basis (maybe every year). We should also ensure we are using secure credentials like badges and pin codes. Re-vetting staff is a costly procedure and has many administrative costs. Of all the countermeasures I propose, this should be implemented last as it has only a moderate benefit, compared to the significant cost.

Problem 2

• Scenario: {TSA}
• Assumptions:
  • I assume we are considering a TSA checkpoint at a major airport hub with many lanes, scanners, and staff. Further, I assume we are analyzing this checkpoint in the afternoon, around when the airport is busiest.
• Assets:
  • TSA Staff
    • We need to ensure the safety of all TSA staff. Though it is illegal to assault an officer, we want to make sure the staff always feel safe and in control. The rules only matter if most people follow them so by protecting TSA staff, we are also implicitly protecting the general public.
  • Passengers
    • Most importantly, we need to protect the civilian passengers as they cross the checkpoint. Many passengers travel with little kids, so we need to make sure everyone remains safe. Often, the lines can get long, and people can get impatient, we want to crowd-control as effectively as possible.
  • Property
    • People
      • People's bags will go through the screening machines and should arrive at the other side in perfect condition. This means nothing in the machine should damage the items passing through. Also, if a further, manual inspection is needed, we must ensure the officer doesn't misplace or break anything.
    • Airport
      • Everything from the mats to the stanchions and metal detectors are all airport property. After a full day of checkpoint screening, all equipment should be in the same shape as when the day started.
• Threats:
  • Crimes
    • Vandalism/Damage
      • We would want to protect the security checkpoint from any vandalism and damage. Further, we must ensure any people's personal belongings as well as airport property in general are not affected. Otherwise, our checkpoint may become less secure and look physically unappealing.
    • Violence
      • We want to protect airport staff from any potential violence by civilians. Further, we want to ensure the safety of civilians from each other. There should be no pushing/shoving in the lines.
    • Terrorism
      • Of course, we want to screen all bags and people for weapons or other items of threat. After 9/11 security has amped up but we always want to be alert and aware.
  • Causing Physical Pain
    • When going through security, we are told to take off our shoes and coats and whatnot. For one, the floor should be sweeped and clear from any objects that may penetrate through our feet. Moreover, we are told to put our belongings in little plastic buckets. One potential risk is buckets falling off the conveyor belt and hurting us.
    • When officers do a 'pat-down,' they must ensure they are not hurting anyone by being too aggressive.
  • Invading Personal Bubbles
    • We should try to pair women with women and men with men when performing 'pat-downs' to maximize how comfortable the civilian feels. At no point, should the person in question feel violated.
  • People with TSA Pre-Check or Clear/Flight Staff
    • These people have faster access and less screening when passing through security. We must ensure their credentials are accurate and that their background checks haven't expired.
  • Racial Profiling
    • We need to be extremely mindful of racial bias and profiling when 'randomly selecting' people for additional screening.
• Countermeasures:
  • Having Information on Criminal Prosecution Displayed
    • Provide information on penalties for hurting an officer, another civilian, or airport property to dissuade people from engaging in these types of behaviors.
  • Having Various Security Staff Positioned Around the Area
    • This will increase traffic flow as the officers can redirect people to different lines when necessary, while decreasing the possibility of unseen criminal activity like violence. Additionally, officers in charge of the plastic bins will minimize the chances that people get hurt from boxes falling to the ground.
  • Investing in the Best Technologies
    • This pertains to the metal detectors and body scanners. We must ensure we use state-of-the-art equipment to minimize the chances of someone entering with weapons or other potential threats. Though this may be costly in the short-term, the investment becomes worth it in the long-term. Saving lives and planes will save a lot of money down the line.
  • Training TSA Officers
    • First and foremost, we need to train our officers to handle the equipment. However, we must also train them to respect civilians when performing searches. Officers should be aware of their own biases and the existence of racial profiling in general. The educational measures shouldn't be too expensive and will safeguard against the possibility of people feeling disrespected and uncomfortable.
  • Ensuring Frequent Background Checks
    • For airline staff and those with pre-check/Clear, we need to ensure their credentials are in order and that their information has been freshly verified. This will ensure people don't abuse the system and slide through security through a faster, more convenient channel. The thoroughness of security should be constant in both scenarios.

Problem 3

• Scenario: {You oversee the Student IT Help Desk at Rice University}
• Assumptions:
  • I assume we are considering the IT Help Desk during business hours, with moderate traffic. Further, I assume I am the lead in charge and there are no other adults around.
• Assets:
  • Equipment
    • This includes everything from the desktop computers and keyboards and chairs, to little objects like staplers and roles of tapes.
  • Student Consultants
    • As paid employees, student consultants are the most important assets at the IT Help Desk. We oversee dealing with customers and are responsible for the state of the room at any point in time. We should always be healthy and happy!
  • Client Property & Data
    • Clients can walk-in with a variety of problems from broken computers to Wi-Fi connectivity issues. Their devices and data are an important asset we must work to protect.
• Threats:
  • People Borrowing Equipment
    • Sometimes, we loan people USB sticks or adapters. It is possible people forget to return the borrowed items. We can take this one step further and even combat the threat of purposeful stealing. Furthermore, many times, people ask to borrow our hole-punchers or staplers and forget to bring those items back too.
  • People Verbally/Physically Abusing Student Workers
    • Student workers have the same rights and powers as any member of the OIT department at Rice. We must ensure no client or passerby verbally or physically harasses anybody on shift.
  • Losing/Corrupting/Damaging Client Property/Data
    • Clients can sue us if we damage their devices outside of normal wear and tear associated with repair.
    • As for data, there are specific federal laws that protect client data. We must ensure client data is not leaked/corrupted/lost once a laptop or other device is checked-in to the IT Help Desk for repair. If we aren't careful, we can end-up in serious legal trouble.
  • Clients Reporting Consultants to Management
    • For justified or unjustified reasons, clients can report consultants to management, and this may result in the consultant losing their job.
  • Clients Getting Hurt
    • This may occur due to dangling wires. There are many wires snaking around the room, and some are hard to see and easy to trip over.
• Countermeasures:
  • Have a Deposit in Place to Borrow Equipment
    • We can enforce a policy where anyone wanting to borrow adapters or staplers or whatnot have to put down their ID or watch that we will return when they bring back the borrowed item. This is extremely easy and cheap to implement and has proven effective in many other situations (think boba shops that have board games available for check-out).
  • Have a Camera in Place
    • If the camera is in an easy to spot location, customers will be less likely to become belligerent because they are being recorded and monitored. This will also protect the department if any legal action is taken. Finally, in the case that a client reports a consultant to management, we will have video proof of the situation.
  • Ask Clients to Sign Liability Waiver
    • This is essential because it will allow consultants complete freedom when opening and working on laptops. If anything goes wrong, we are legally protected under the liability waiver. This is very cheap to implement and defends us against potential lawsuits.
  • Tape Down Wires
    • By using clips and tape, we can bundle wires together and put them out of sight. This will increase safety in the workplace and make the room look less busy, in general.