Accountability Gap Scenario You’re in your final weeks at Padgett-Beale as a management intern. Hopefully, this has been an enriching and rewarding experience for you. Before you finish out your time here, the Chief of Staff has asked you to prepare one last briefing paper – this time your audience will be three new members of the corporation’s Board of Directors (BoD). These busy executives need to be brought up to speed on their responsibilities with respect to cybersecurity. The Chief of Staff has provided you with a list of readings that have been reviewed and found acceptable for use in preparing this briefing (the readings appear under Research in this file). The new members of the board will each receive a read-ahead package containing these readings. As you work your way through the CoS’s reading list, you should take notes and familiarize yourself with the roles and responsibilities of a member of the Board of Directors. You should also review the Accountability Gap research report and the findings from that research. From these resources and others that you find on your own, you’ll need to identify and then discuss at least five security and privacy related issues that the board members need to be aware of. These should include cybersecurity related responsibilities for BoD members as enacted in federal and state laws and/or published in government or industry regulations. (Hint: look for terms such as fiduciary duty, liability, due diligence, etc.) See the instructions below for additional information about length, formatting, and citing of sources. Research Review the Week 7 and 8 readings. You should pay special attention to the reading on the Accountability Gap (see https://conferences.law.stanford.edu/cyberday/wp-content/uploads/sites/10/2016/10/3c1_The-Accountability-Gap-Report-%e2%80%93-Cybersecurity-and-Building-a-Culture-of-Responsibility-1.pdf )Research the roles and responsibilities of Boards of Directors in general and with respect to cybersecurity. Here are some resources to help you get started: https://www.extension.iastate.edu/agdm/wholefarm/html/c5-71.html https://www.gsb.stanford.edu/sites/gsb/files/publication-pdf/cgri-quick-guide-03-board-directors-duties-liabilities.pdf https://www2.deloitte.com/content/dam/Deloitte/za/Documents/governance-risk-compliance/ZA_DutiesOfDirectors2013_16042014.pdf https://securityintelligence.com/nacd-publishes-five-cybersecurity-principles-every-board-director-needs-to-know/ https://www.infosecurity-magazine.com/opinions/corporate-board-responsibility/ https://corpgov.law.harvard.edu/2017/04/28/cybersecurity-trends-for-boards-of-directors/ https://corpgov.law.harvard.edu/2017/05/30/cybersecurity-must-be-high-on-the-board-agenda/ As you read the above readings, identify five or more ways that members of the BoD can become more informed about the company’s current cybersecurity posture (a key step in closing the “accountability gap.”) These will become your recommendations in your briefing paper.Find at least one additional source that provides information that a member of the board of directors needs to know about his or her cybersecurity responsibilities. Write Write a 2 page briefing paper in which you present a summary of your research about the topic and your recommendations as to what should be included in a briefing to the new members of the Padgett-Beale Board of Directors. Be choosy about what you include – busy executives do not have the time to read lengthy, rambling papers. Don’t be too choosy however. Your recommended content should be comprehensive and fully address the briefing topic. At a minimum, your briefing paper for this case study must include the following: 1.An introduction to the case scenario and the topic (use the information above) 2.A discussion of five or more key points about the topic (“cybersecurity and related responsibilities of members of corporate Boards of Directors”) 3.Five or more recommendations for closing the accountability gap by making sure that members of the BoD are educated about cybersecurity and informed about cybersecurity issues as they arise in the future. 4.A closing section in which you restate the key issues and your recommendations. As you write your briefing paper, make sure that you address security issues using standard terms and definitions. See the resources listed under Week 1 and under Course Resources > Cybersecurity Concepts for definitions and terminology. Submit For Grading Submit your research paper in MS Word format (.docx or .doc file) using the Case Study #1 Assignment in your assignment folder. (Attach your file to the assignment entry.) Additional Information To save you time, a set of appropriate resources / reference materials has been included as part of this assignment. You must incorporate at least three of these resources into your final deliverable. You must also include one resource that you found on your own.Your briefing paper should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts for recommended resources. 3.You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s minimum page count. (An example and template file are available in the LEO classroom. See CSIA_Basic_Paper_Template(APA_6ed,Nov2014).docx file under Content > Course Resources.) 4.Your briefing paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings to organize your paper. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use (APA_6ed,Nov2014).docx. 5.You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. 6.You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).
padgett_beale_corporate_profile_v2.pdf

Unformatted Attachment Preview

CYBERSECURITY MANAGEMENT & POLICY
Padgett-Beale, Inc.
A case study for CSIA 300
Valorie J. King, PhD
8/18/2017
Copyright © 2018 by University of Maryland University College. All Rights Reserved.
CSIA 300 Cybersecurity for Leaders and Managers
Welcome!
Dear Intern,
Welcome to Padgett-Beale! We are excited to have you join us as a management intern and
hope that your participation in our virtual / online program will be beneficial for both you and our
company. This year, our management interns will have the opportunity to participate in Padgett-Beale’s
pervasive cybersecurity initiative. This initiative is designed to help our employees and managers better
understand and address the cybersecurity problems that our company is facing. These problems include
a host of privacy related concerns, intellectual property protection issues, and the appropriate use of
information technology resources. Since you are joining us as a management intern, you will also be
participating in our internal training program: Cybersecurity for Leaders and Managers. During this eightweek program, you will have an opportunity to participate in a number of management and leadership
activities and assessments related to cybersecurity.
As you move through this program, we hope that you and your peers will take advantage of the
numerous communication channels made available to you via our internal Websites and discussion
forums. We are truly interested in learning from you and hearing your thoughts on the management and
leadership issues that you encounter during your time with us.
Finally, our goal is to help you find opportunities to take what you learn here and apply it to
your future studies and career. We hope that you, in turn, will help us by providing feedback during and
at the end of this program. Thank you for your participation and, again, Welcome!
Sincerely,
Edwina L. Beale
Edwina L. Beale
Chief of Staff and Manager, Internship Programs
Copyright © 2018 by University of Maryland University College. All Rights Reserved.
CSIA 300: Cybersecurity for Leaders and Managers
Padgett-Beale Organization Chart — 2017
Figure 1. Padgett-Beale, Inc. Organization Chart
Copyright © 2018 by University of Maryland University College. All Rights Reserved.
CSIA 300: Cybersecurity for Leaders and Managers
Company History
Elmer and Robenia Padgett’s first hotel, Robenia’s Guest House, opened in 1925 with six
family suites (two per floor), a tea room, and a formal dining room. The guest house
primarily served wealthy families who relocated to the seashore for the summer to escape
the heat in New York City. This property provided amenities and services matching those of rival longstay hotels in major cities along the East Coast. The second and third properties, Padgett’s Hotel and
Padgett’s Beach House, were acquired in 1935. Flintom’s Tavern, a landmark restaurant and
entertainment venue, was added to the Padgett properties portfolio in 1940.
Periodic resurgences in popularity of the seashore as a vacation destination occurred
over the next fifty years (1940-1990) as bridges were built, roads were improved, and
regional economies strengthened. These resurgences brought additional competition as
new motels and resorts operated by national chains entered the seashore vacations market. Major
weather events in the 1970’s resulted in damage to both Padgett’s Beach House and Flintom’s Tavern
causing both to close for an extended period of renovations. The Padgett family’s brand remained
strong, despite these setbacks, as members of the family took a personal interest in the day-to-day
operations and management of the company.
Padgett’s was not an early adopter of computers and information technology. But, over
time and as younger family members entered the business, computers began a slow
march into the company’s offices in the form of personal computers with word
processing, spreadsheets, and database systems. Personal computers also made their way
into manager’s offices in the hotel properties where spreadsheets proved valuable in tracking revenues
and expenses. In 1982, an embezzlement scandal at Flintom’s Tavern forced the company to adopt
computer-based point of sale (POS) systems throughout the company for all cash handling functions
(hotel front desks and restaurants). A benefit of the POS systems were the built-in reporting functions,
which enabled the company to more closely track cash and credit sales by property. By 1995, the
company had fully integrated custom hotel management software into its operations. This software and
the associated databases were hosted on company owned / operated mainframe computer systems. By
the end of the decade, information technologies were in use to support all aspects of the company’s
internal operations (accounting, customer service, property management, and reservations).
At the beginning of the new century, the company adopted its first strategic plan with
a heavy emphasis upon growth and expansion. Under this plan, the company branched
out and began offering hotel and resort management services to other hoteliers and
property owners. Advanced telephony services and implementation of custom
software allowed Padgett’s to offer one of the first centralized reservations management services. The
company also leveraged the Internet and World Wide Web to launch a resort affiliates program, which
provided a menu of business related services to member properties. These services included: online
advertising and promotions, architecture and design assistance, business operations consulting, group
Copyright © 2018 by University of Maryland University College. All Rights Reserved.
CSIA 300: Cybersecurity for Leaders and Managers
business insurance, and guest loyalty programs. The hotel and resort management services business
area continues to be the major source of revenues and profits for the company and its owners.
As part of Padgett’s expansion plan, the company purchased Beale Realty Holdings in 2001
and formed Padgett-Beale, Inc. (PBI). Shortly thereafter, PBI embarked on a series of realestate acquisition activities, which led to the purchase of several large tracts of prime Eastern Shore
waterfront property. The company’s long-term plan was to hold the properties as real estate
investments and, when market demand rose sufficiently, expand into development, sales, and
management of condominiums and vacation time-share properties. The focus on long term investment
was a wise choice as this particular market segment was adversely impacted by the housing boom/bust
in the mid 2000’s.
At the time of purchase, the waterfront properties were in use as campgrounds and
resorts for tent-campers, travel-trailers, and motorhomes. These camping facilities
were allowed to continue their existing operations with minimal investment and
oversight for the next 15 years (2002 – 2017). During this laissez-faire management period, some
campground managers modernized their camp offices and stores by purchasing computer-based point
of sale systems that allowed them to accept credit and debit cards. Most of these managers also
outsourced their reservations management to a third party online reservations system, which provided
a customized website to advertise each park and provide access to the online reservations system. A few
campgrounds did not modernize beyond setting up a simple website with contact information and a few
photographs. These facilities continue to use a mail or telephone-based reservation process with a “cash
only” payment policy.
In 2015, the day-to-day operations and management of PBI was transitioned to a new
leadership team recruited from leading hotel and resort management companies. The
new leadership team includes the Chief Executive Officer, Chief Financial Officer, Chief
Operating Officer / Director for Resort Operations, and the Corporate Counsel
(attorney) who is also dual-hatted as the Chief Privacy Officer. Under this new leadership, the company
was reorganized to better focus on the three most profitable business areas: Resort Operations,
Reservations Services, and Resort Affiliates. Management and daily operations for the three company
owned hotel properties (Robenia’s Guest House, Padgett’s Hotel, and Padgett’s Beach House), Flintom’s
Tavern, and the campgrounds / trailer parks were transferred to the newly formed Property Holdings
and Development division.
Building a strong management and leadership team is a priority for both the new
CEO and the current chair of the PBI Board of Directors. In 2017, these two
leaders developed and launched a management internship program whose
participants were recruited from a select group of colleges and universities. The next class of
management interns has just started in program and will soon find out where their first assignment will
take them within the company.
Copyright © 2018 by University of Maryland University College. All Rights Reserved.
CSIA 300: Cybersecurity for Leaders and Managers
Industry Overview
Padgett-Beale, Inc. (PBI) operates in the Hotels, Motels, & Resorts industry (NAICS Codes 721110
and SIC Codes 7011) (First Research, 2017a). Hotels, motels, and resorts provide short-term housing and
lodging for travelers and visitors. Related services offered by companies in this industry include: catering
and meals, conferences and event hosting, entertainment, resort amenities (golf, swimming, spa, etc.),
etc. The company also operates in the Recreational Vehicle Parks industry (NAICS Codes 721211; SIC
Codes 7033) as both an owner/operator and as a management and operations partner providing
specialty services to member and affiliate RV parks.
Hotels, Motels, and Resorts
Leading firms in this industry include Marriott International, Inc., Hilton Worldwide Holdings,
Inc., and Starwood Hotels & Resorts Worldwide, LLC (First Research, 2017a). On an annual basis, this
global industry generates over $500 billion in revenue. The U.S. segment of this industry generates
approximately $175 billion in revenues each year. These revenues may be generated directly from
operation and management of company owned properties. Or, revenues may be generated through
franchising arrangements or through fees generated in conjunction with property management / hotel
operations services provided to other property owners.
Demand for products and services in this industry is driven by two primary factors: (a) business
travel and (b) vacation or tourist travel (First Research, 2017a). Both of these factors are highly sensitive
to the health of regional, national, and global economies. Financial analysts estimate that 75% of
industry revenues result from fees for overnight lodging. The remaining 25% of revenues result from
sales of related products and services (e.g. meals, beverages, etc.). Labor is the most significant source
of expenses.
This industry uses information technology and the Internet in a variety of ways. First, most
brands use the Internet and social media to support their marketing efforts. Second, all but the smallest
of properties / brands use information technologies and the Internet to support reservation call center
operations. Third, information technologies are used in the daily operations of facilities (front and back
of house) and in support of corporate business processes and functions. These technologies include
Point of Sale systems for handling customer financial transactions, housekeeping and maintenance
management systems, card key access systems for guest rooms and restricted areas, scheduling and
timekeeping systems for personnel, and building / facilities management systems that control and
monitor energy using systems such as lighting and heating/ventilation/cooling (HVAC) systems.
Information technologies are also used to provide physical security in such forms as video surveillance
and recording, access controls for equipment and control zones (key pads, badge readers, password
controlled logins), and automated access logs which record identity information along with
timestamped entry/exit for controlled zones.
Copyright © 2018 by University of Maryland University College. All Rights Reserved.
CSIA 300: Cybersecurity for Leaders and Managers
Recreational Vehicle Parks
Leading firms in this industry include Thousand Trails (owned by Equity LifeStyle Properties), and
Kampgrounds of America (KOA) (First Research, 2017b). Each of these companies has a slightly different
business model. Thousand Trails is an owner/operator for RV Parks (First Research, 2017b). KOA sells
franchises to owner/operators of privately owned RV Parks and provides brand related services such as
marketing, park design and management consulting, and reservations management. A third company,
Good Sam Enterprises, markets and sells RV travel related services to individual travelers (“members”)
and provides marketing and sales support to member parks (Good Sam Club, 2017). All three firms
provide online guidebooks (some with reviews, inspection reports, and ratings), which include
information about individual parks and their amenities. In addition to these three firms, there are
thousands of smaller owner/operators of RV parks in the United States. These RV parks range in size
from 10 – 100 acres with a capacity of 150 to 2,000 or more RV, tent, and rental cabin sites.
Demand for products and services in this industry is driven by vacation or tourist travel (First
Research, 2017). Sales and revenues are highly seasonal as preferred destinations change with the
weather and with the usual and customary vacation periods (summer, holidays, school breaks, etc.).
Rental fees for overnight stays are the largest source of revenues for individual RV Parks. Additional
revenue sources include: camp store and gift shop operations, restaurants and snack bars, fuel sales
(propane), and sales of RV parts and accessories. Major areas of expenses are: utilities (water, electric,
sewer, cable TV, and Internet service), park maintenance (including roads and buildings), vehicles,
property taxes, and operating expenses for amenities such as laundry facilities, bath houses, swimming
pools, playgrounds, etc. Insurance coverage for park operations is also a major area of expense and may
include additional coverage for cybersecurity liability (Philadelphia Consolidated Holding Company,
2017).
This industry uses information technology and the Internet in a variety of ways. First, many RV
parks maintain a Website to advertise the park (First Research, 2017b). They may also use social media
to attract visitors to their Website and to the RV park. They may also depend upon Websites operated
by third parties such as RV Park Reviews, Trip Advisor, and Good Sam Club to attract the attention of
individuals who are planning trips or vacations. Second, all but the smallest of properties use an online
reservation management system that allows travelers to search for available sites by date(s) and by
required or desired amenities (electric, water, sewer, cable, pet friendly, etc.). Larger operators and
networks of parks may also use a telephone call centers for reservations management. These call
centers depend upon computer applications to route and manage calls. Reservation management
systems also depend upon databases and database servers to store and process customer information.
Third, information technologies are used in the daily operations of some facilities. Such uses include
guest check-in/check-out, cash and credit card transaction management (payments & refunds),
maintenance records, camp store / gift-shop inventory and sales, and bookkeeping / reporting (revenue
tracking). Some RV parks also use computer-based systems for video and audio surveillance, automated
vehicle entry/exit, and energy usage monitoring.

Copyright © 2018 by University of Maryland University College. All Rights Reserved.
CSIA 300 Cybersecurity for Leaders and Managers
References
First Research. (2017a). Hotels, motels, & reports: First Research custom report. Retrieved July 26, 2017
from Hoovers Online.
First Research. (2017b). Recreational vehicle parks: First Research industry custom report. Retrieved July
26, 2017 from Hoovers Online.
Good Sam Club. (2017). Who we are. Retrieved from http://www.goodsamclub.com/about
Philadelphia Consolidated Holding Corp. (2017). Cyber security liability. Retrieved from
https://www.phly.com/mplDivision/managementLiability/CyberSecurity.aspx
Copyright © 2018 by University of Maryland University College. All Rights Reserved.

Purchase answer to see full
attachment