Information security is referred as the strategies that manages the tools, processes as well as policies to identify, protect or prevent the digital as well as non-digital information and information assets irrespective of the format of information and whether the information is in state of transit, or in state of being processed or is at rest in storage. An information asset is a body of information, an information storage system or an information processing system, which is of value to the organization. Information security policy is designed and developed in order to protect integrity, availability and confidentiality of computer system data from malicious users (Safa, Von Solms, and Furnell 2016). An effective security strategy is dynamic, comprehensive and flexible to reply to security threat type. The process of developing a security strategy consists of planning, assessment, regular monitoring and implementation and include mix of actions such as access management measures, policies and procedures, communications systems, technologies and systems integration practices to counter imaginable threats and vulnerabilities. The security strategy document defines and arranges information security as well as security initiatives that the organization must initiate to strengthen the protection of information and the related technology (Obes, Yamada and Richarte, 2013). In the context of data security any potential danger to the information or system can be referred to as threat. One important function of data security is to identify and assess the potential threats assessment, categorically classify them and evaluate the potential damage that might be caused by them (Rao and Selvamani 2015).
Choice Hotels International identifies information security as one of its primary requirement for smooth running of its business operations. The hotel has formulated strategic security policy to protect data and information assets. This policy involves the security and management of the Choice Hotels International’s information assets (Kim, Lee and Ham 2013). It is notable that besides information technology (IT) department everybody must also take the responsibility of information security. A security strategy can be considered as successful if it includes every stakeholder and can develop persistent processes and strategies to motivating users in taking ownership and help build a strong security policy.
The hotel management must reassure their customer that digital security is as important as physical security and the customer information must be secured against any potential/cyber threats. However, the following information security principles must be followed to implement all the above strategic security policy
It is notable that if this information security policy is breached then it will be treated as misconduct and accordingly compliance will be enforced.
The following threats are that are generally faced by the hotel’s network.
To mitigate and prevent attacks on hotel networks and hotel customer the following security policy can be used. The chances of information theft can be minimized by taking these considerations into account. The hotel management and IT team should perform the following:-
1) Caution signs must be displayed at front desks as well as in rooms to remind the following to the guests.
2) To secure customer’s personal information, hotels must configure all its networks and servers with data encryption so that any entered information through hotel forms on the hotel login page are transmitted in encrypted format. In this measure, during the sign-up or login process the secure socket layer (SSL) technology protects the customer’s personal information and safe data transmission is ensured. In addition, to protect the customer data many hotels also uses 256-bit data encryption with validated security certificate (Karagiannis et al. 2015).
3) Hotels must implement threat intelligence feeds. Such feeds contain real-time threat reports and data breach notification that indicate which customers have already been targeted or will be targeted in future. The generating reports are analyzed to prevent attackers from re-targeting the guests in the future.
4) Using virtual private network (VPN) whenever connecting to hotel Wi-Fi can block DarkHotel malware attack. Unless a wireless traffic is not routed through a VPN, then such traffic can be sniffed by any hacker. VPN prevent the interruption of sensitive data by hacker through encryption of all the digital communications (Border, Dillon and Pardee 2015).
5) Hyper Text Transfer Protocol Secure (HTTPS) implies browser’s security and by using this extension, the browser can be forced to secure connection. HTTPS are used by websites, email services, cloud application and such system display a locked padlock in the browser to indicate the automatic encryption of user data. However, encryption for all websites can be activated by using this extension (Fielding and Reschke 2014).
6) Virtual local area network (VLAN) must be used whenever possible as it is safer than Wi-Fi and it is also password protected. Some hotels charge customer for wired internet services or high-speed Internet. A hotel without a VLAN service would likely offer a Wi-Fi connection. Use of credit / debit cards and sensitive information must be avoided on wireless networks and where possible Ethernet must be used as it provides security (Udutha and Rapeti 2015).
7) Security program such as firewall must be activated before connecting to the web via hotel networks. Firewalls are generally present in most operating systems (OS) and antivirus programs. Firewall prevents hacking and malware attacks by blocking the unauthorized system access. The data that can and cannot be transmitted from the system are also regulated by firewall (Suh et al. 2014).
8) Before check-in into the hotel, the customer must update his/her OS security and ensure that antivirus, anti-malware that are running on the device are completely updated. During web surfing on hotel network, any offer on the unsolicited software update must be avoided.
9) The configuration of all the network and security devices must be secured. A backup copy of tested and updated configuration must be stored so that it can be used in case of any disaster.
10) All network devices must be synchronized by configuring the network time server.
11) Finally, all systems must conform and include the following things.
References:
Alsharnouby, M., Alaca, F. and Chiasson, S., 2015. Why phishing still works: User strategies for combating phishing attacks. International Journal of Human-Computer Studies, 82, pp.69-82.
Border, J., Dillon, D. and Pardee, P., Hughes Network Systems LLC, 2015. Method and system for communicating over a segmented virtual private network (VPN). U.S. Patent 8,976,798.
Fielding, R. and Reschke, J., 2014. Hypertext Transfer Protocol (HTTP/1.1): Authentication (No. RFC 7235).
Karagiannis, V., Chatzimisios, P., Vazquez-Gallego, F. and Alonso-Zarate, J., 2015. A survey on application layer protocols for the internet of things. Transaction on IoT and Cloud Computing, 3(1), pp.11-17.
Katz, G., Elovici, Y. and Shapira, B., 2014. CoBAn: A context based model for data leakage prevention. Information Sciences, 262, pp.137-158.
Kim, H.B., Lee, D.S. and Ham, S., 2013. Impact of hotel information security on system reliability. International Journal of Hospitality Management, 35, pp.369-379.
Krombholz, K., Hobel, H., Huber, M. and Weippl, E., 2015. Advanced social engineering attacks. Journal of Information Security and applications, 22, pp.113-122.
Mercaldo, F., Nardone, V., Santone, A. and Visaggio, C.A., 2016, June. Ransomware steals your phone. formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems (pp. 212-221). Springer, Cham.
Obes, J.L., Yamada, C.E.S. and Richarte, G.G., Core Security Technology, 2013. System and method for extending automated penetration testing to develop an intelligent and cost efficient security strategy. U.S. Patent 8,490,196.
Rao, R.V. and Selvamani, K., 2015. Data security challenges and its solutions in cloud computing. Procedia Computer Science, 48, pp.204-209.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.
Shen, W., Yin, B., Cao, X., Cai, L.X. and Cheng, Y., 2016. Secure device-to-device communications over WiFi direct. IEEE Network, 30(5), pp.4-9.
Suh, M., Park, S.H., Lee, B. and Yang, S., 2014, February. Building firewall over the software-defined network controller. In Advanced Communication Technology (ICACT), 2014 16th International Conference on (pp. 744-748). IEEE.
Udutha, S.C. and Rapeti, M., Cisco Technology Inc, 2015. Preventing leaks among private virtual local area network ports due to configuration changes in a headless mode. U.S. Patent 8,989,188.
Vallivaara, V.A., Sailio, M. and Halunen, K., 2014, March. Detecting man-in-the-middle attacks on non-mobile systems. In Proceedings of the 4th ACM conference on Data and application security and privacy (pp. 131-134). ACM.
Venkatramulu, S. and Rao, C.G., 2013. Various solutions for address resolution protocol spoofing attacks. International Journal of Scientific and Research Publications, 3(7), p.1.
Yan, Q. and Yu, F.R., 2015. Distributed denial of service attacks in software-defined networking with cloud computing. IEEE Communications Magazine, 53(4), pp.52-59.
We provide professional writing services to help you score straight A’s by submitting custom written assignments that mirror your guidelines.
Get result-oriented writing and never worry about grades anymore. We follow the highest quality standards to make sure that you get perfect assignments.
Our writers have experience in dealing with papers of every educational level. You can surely rely on the expertise of our qualified professionals.
Your deadline is our threshold for success and we take it very seriously. We make sure you receive your papers before your predefined time.
Someone from our customer support team is always here to respond to your questions. So, hit us up if you have got any ambiguity or concern.
Sit back and relax while we help you out with writing your papers. We have an ultimate policy for keeping your personal and order-related details a secret.
We assure you that your document will be thoroughly checked for plagiarism and grammatical errors as we use highly authentic and licit sources.
Still reluctant about placing an order? Our 100% Moneyback Guarantee backs you up on rare occasions where you aren’t satisfied with the writing.
You don’t have to wait for an update for hours; you can track the progress of your order any time you want. We share the status after each step.
Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.
Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.
From brainstorming your paper's outline to perfecting its grammar, we perform every step carefully to make your paper worthy of A grade.
Hire your preferred writer anytime. Simply specify if you want your preferred expert to write your paper and we’ll make that happen.
Get an elaborate and authentic grammar check report with your work to have the grammar goodness sealed in your document.
You can purchase this feature if you want our writers to sum up your paper in the form of a concise and well-articulated summary.
You don’t have to worry about plagiarism anymore. Get a plagiarism report to certify the uniqueness of your work.
Join us for the best experience while seeking writing assistance in your college life. A good grade is all you need to boost up your academic excellence and we are all about it.
We create perfect papers according to the guidelines.
We seamlessly edit out errors from your papers.
We thoroughly read your final draft to identify errors.
Work with ultimate peace of mind because we ensure that your academic work is our responsibility and your grades are a top concern for us!
Dedication. Quality. Commitment. Punctuality
Here is what we have achieved so far. These numbers are evidence that we go the extra mile to make your college journey successful.
We have the most intuitive and minimalistic process so that you can easily place an order. Just follow a few steps to unlock success.
We understand your guidelines first before delivering any writing service. You can discuss your writing needs and we will have them evaluated by our dedicated team.
We write your papers in a standardized way. We complete your work in such a way that it turns out to be a perfect description of your guidelines.
We promise you excellent grades and academic excellence that you always longed for. Our writers stay in touch with you via email.