Australian Institute of Higher Education
|Unit Name/Code||ISY3006 Information Security|
|Assessment Number||Assessment Three|
|Unit Learning Outcomes Assessed||LO3 - Research, develop, and document a basic security policy, and analyse, record, and resolve all security incidents|
LO4 - Identify and assess the threats to, and vulnerabilities of networks
|This assessment is designed to help students to research and analyze hot topics related to information security.|
|Detailed Submission Requirements||Submit a word document through Turnitin in the unit Moodle page|
|Length||Minimum = 1,800 words Maximum = 2,200 words|
|Report Type||Individual Report|
This is an individual assessment. This report gives you the opportunity to research, formulate, develop and document a basic security policy for a specific organization in Australia ECXEPT for BANKING/MORTGAGE organisation. Moreover, you are required to analyze, record, resolve security incidents and identify and assess the threats to, and vulnerabilities of the organisation’s networks. This report will use many of the concepts and techniques discussed in this unit throughout the semester.
Please note, you will need to either choose from the list of examples of the industries provided below or come up with your own idea for a chosen specific organisation.
Please discuss your chosen organisation and or ideas with your lecturer before you start your research. You must send the organization that you have chosen to your lecturer by Week 5. Please note you might NOT be allowed to choose the same or similar specific organisation as other in your class. You should aim at research, develop, and document answers to questions (a.) and (b.) below. Do not copy the examples of information security policies used in class!
You should state clearly:
(a.) Research, formulate, develop and document a strategic security policy for your chosen organisation based on the nature of the organisation and the stakeholders in the organisation.
(b.) Based on the security policy you have researched, formulated, developed and documented in the item (a.) above, identify and assess the potential threats and vulnerabilities of the company’s network and discuss how such threats and vulnerabilities can be mitigated based on your research.
Referencing and Plagiarism
All information in the report should be in your own words and not copied from other sources. Any idea used should be referenced appropriately according to AIH policies and procedures. The report will be submitted through Turnitin and similarities may attract large penalties according to AIH policies and procedures.
Please refer to the AIH Academic Misconduct Policy: http://www.aih.nsw.edu.au/content/1-home/8-more- info-tabs/3-official-policies/academic-misconduct-policy.pdf
It is essential to use IN TEXT referencing. If you are using the exact words from a reference then you must use quotation marks.
You can use Harvard Style referencing with numbers, with a listing at the end of the report. Microsoft Word has an EndNote plugin that makes this style very easy and clear to follow. https://library.sydney.edu.au/subjects/downloads/citation/Harvard_Complete.pdf
Formulation of Security Policy in Meriton Hotel
The importance of security upgradation has been felt across all sectors due to increasing threat perception. The hospitality sector deals with new guests and individuals on a daily basis making it extremely vulnerable to crime. Addressing this issue, major hotel chains have invested huge amounts in improving their security features. Meriton Hotel, in Australia is one such hotel and the research will try to observe areas where improvement is necessary and the formulation of this security policy will be discussed in detail.
The rise of tourism and travel industry has increased the importance of hotels owing to its large amount of facilities which it can provide. Domestic and International visitors come in large numbers during peak season and corporate meetings, banquet halls, anniversaries and live events are also celebrated in renowned hotels across the globe. In view of this, the security arrangements in hotels have become a major concern for its stakeholders (Ali, 2016). This is because of the increasing rate of crime like theft, hacking, and terror attacks etc that have created major setbacks for this sector. So this research will focus on the ways through which the security arrangement of Meriton Hotel can be properly arranged so as to prevent any untoward incident happening there.
Security policies in hotel is of utmost concern as there is a huge scope of miscreants barging in or data leak due to hacking which would divulge all the customer details in the public domain. Moreover, the staffs working in these organizations often tend to work with the sole purpose of earning extra money which leads to theft, crime and burglary. So the security planning for Meriton Hotel, Sydney has been done keeping all these factors in mind and a comprehensive security set up has been prepared for this hotel.
VPN or virtual private network
This type of network security system helps the authorized internet users to use a public network which is unsecured. With the help of a VPN, the users have all the benefits of a secure private network. All the data are encrypted which are transmitted between the network and the remote device. There are three types of virtual private network or VPN. They are,
The endpoints of the VPN are the software on the VPN concentrator for on a local computer. The VPN concentrator is a hardware which organizers innumerable VPN connections. All the traffic is directed to the VPN concentrator which is fully protected. In the second option, only a part of the traffic is directed to the secure VPN.
The Fireworks are hardware based or software based and after verification either accept or deny entry. Hardware firewalls are expensive and they require more expertise to configure and manage. The software firewalls protect the data in the device only. Most of the modern operating systems incorporate the software Firewall which is also known as the host-based firewall.
The network-based firewalls: They are rule-based Firewalls and required individual instructions to perform. Individual instructions are processed in a sequence which instructs the action of the firewall. The rule-based system is static and unable to do actions which are not configured.
Application based firewall: They are high level firewalls which are able to identify the applications that send data through the firewall and also decide which action to be applied. There is a special type of application sensitive firewall that carries HTTP traffic and even blocks the specific type of HTTP traffic.
The primary stakeholders of the organization are the investors or the owners of the organization. Harry Triguboff is the owner of Meriton hotel and the primary stakeholder of the organization. The guests and the customers of Meriton Hotel are also the primary stakeholders. The hundreds of employees of Meriton hotel are also very important and can be termed as primary stakeholders.
The secondary stake holders are the suppliers and the neighboring community of the Meriton hotel. The government of Australia is another important secondary stakeholder of Meriton hotel.
As guest are the main stakeholders of Meriton hotel hence the chances of theft and burglary remains high. Dealing with this the chief security officer of the hotel controls the access points (entry and exit) for preventing these crimes. The room key distribution and access to the rooms are vital parameters and hence the contractors, vendors as well as the suppliers are trained by the management (Chen, Ramamurthy and Wen, 2015). This helps in ensuring proper key distribution and allowing only registered guests to come in. The hotel has a team of 10 security personnel for 125 rooms across the complex. They are positioned in important angles, in areas where the CCTV cameras do not cover the visuals. Mostly during off-hours they are placed close to the access points for greeting people and preventing miscreants from entering the hotel compound. The Meriton hotel has a total of 150 surveillance cameras spread across the lawn, banquet hall, projector room, office suites, conference rooms and theatre spaces (Han, Kim Y.J and Kim H, 2017).The increasing use of CCTV cameras has helped in reducing crimes not only close to the hotel area but in the overall city as well. With increased surveillance setups the management of Meriton hotel has been able to provide a secure and safe environment for the guests which will be helpful for improving the brand image of the otel and give competitive advantage.
Training of Hotel Staff
The number of staff available in the Meriton Hotel is 33 which include 3 front desk executives and other employees comprise of housekeeping staff, account manager and other positions (Hasrouny et al. 2017). So the employees are given mock exercises within every six months to make sure they can react fast in case of any eventuality. Terror attacks, gang violence and any other form of danger can only be averted if the employees have previous knowledge and expertise in dealing within. Scenario based training in fire safety, abusive and violent behaviour, malfunctioning of fire alarm or CCTV or telephone are all taken care of and the staff members are trained extensively to react quickly in anything that happens within the compound.
The management of Meriton Hotel has been advised to introduce full-proof security cover through security cameras installed in docks, lounges, parking area and is monitored 24X7 by the security agencies hired to indulge in surveillance. Lights are placed at all important junctions and the security chief uses the night vision goggles in case of power failures or any extraordinary situations to make it sure that there is no major faults or accidents on the part of the hotel (Huang et al. 2016). The hotel also helps women, children and aged guests by booking cabs while going out so that disruptive persons do not disturb them. Moreover, international tourists who are vulnerable in Sydney are guided by telling those exact fares, route, tracking GPS and other monitoring process to help them avoid any kind of fraudulent activities as well as financial risks.
Meriton hotel collects detailed information from every single guest through their government ID cards and takes in fingerprints and live pictures, verifies address, phone number, profession and intention of visit (Hwang et al. 2017). This is done through questioning even though some visitors feel annoyed by this initiative. Background checks are conducted through police verification of the employees to make sure that no individuals without the required credentials will be able to able to enter the hotel premises. In cases of crime it becomes easier for the administration to get hold of those involved in the crime. Overall Meriton hotel physically goes to the household of every staff to make it sure nothing beyond their knowledge is present inside the hotel suite which has improved the safety level of guests and improve the overall rating of the hotel in terms of security (Johnston et al. 2016).
Meriton hotel continuously educates the guests about the safety and security features through briefing, manual handbooks and messaging. Instruction are given on the ways through which the hotel Wi-Fi can be accessed without mentioning unnecessary details, keeping the wallet, mobile phones and laptops safe in their room, always locking the room while going out, keeping the emergency numbers for difficult situations and minimal use of financial details with any unknown person or staff (Johnston, 2016). These instructions take a long step forward in curbing crimes and frauds as most of the fraudulent activities happen when the guests are not careful enough in their approach towards safety.
In recent times, the hoteliers faces a multiple types of security issues and looks to mitigate them for making it a secured stay at their places. The top most potential threats that a visitor might face have been discussed below.
Identity of a person along with his/her credit card details is always at risk once he/she gets into a hotel. Many criminals look to hack into various hotel networks in order to acquire or steal vital information about the hotel guests (Lowry et al. 2015). This often leads to several heinous crimes like credit card frauds. This thing is going on for many years and its need to be stopped. Every day, thousands of such cases are being filed at the police stations and it is going on increasing at an alarming speed. Credit card frauds and other related point-of-sale attacks can hurt the guests most as the loss is financial where the margin can be beyond your expectation (Safa et al. 2015).
The cyber crime attacks are the most vulnerable threats which the hoteliers are facing. The crimes including APT (Advanced Persistent Threats) and phishing has easily bypassed the securities and went on to steal vital information (Magalhaes et al. 2017). The Wi-Fi network of the hotels often lacks the desired level of security for protecting the database of the hotel guests. Thus, the data inputs from guests are always at a high risk and needs to be fixed as soon as possible. Recently, the insurance industry is looking to offer various schemes to deal with cyber crime attacks. APT has been a serious issue for the business class guests (Safa et al. 2015). The Wi-Fi network of the hotel needs to be password protected and highly secured for restricting this form of invasions.
Lesser security audit cycles
The hotel industry is now growing at a much faster rate and a multiple number of hotels open up every day somewhere around the world. Each of them is dealing with various vulnerable security risks. In order to be in the safer side, the hoteliers look to hire security auditors to keep a check on this matter. The security audits needs to be done at regular intervals for enhanced safety and security (Silic, Barlow and Back, 2017). But, recently the number of security auditors has not increased in the same proportion with the number of new hotels being built worldwide. This has led to an adverse situation where auditing costs has gone up and they are might be of a lower quality. To minimize the cost, the hoteliers are skipping audit cycles, which is even more dangerous as this will create a bit of doubtfulness among the hotel guests and the investors.
Physical crime has been an area of concern for the entire hotel industry. There are multiple incidences of physical crime like public violence, armed robbery, Terrorism, Internal theft and black-outs (Tian and Wang, 2017). Public violence and terrorism are the sudden occurrences of a fiery event. So, if the security is not up to the mark then it might put the lives of the guests at stake. A common mode of physical crime is armed robbery where a group of burglars invades the hotel’s territory and tries to skip into a room in search of money or valuable things. But the most dangerous form of physical crime is internal risk. Here, the workers including waiters and the room attendees become a bit greedy and looks to steal pricey things (Huang et al. 2016). They can easily do this as they often visits each and every room when called for service. Black-outs are a situation where the electricity goes off and it gives rise to many of the above physical crimes.
Loss of competitive advantage
When there is a competition, there is a huge risk of losing your competitive advantage. So, when a major security incident has occurred in a hotel then it automatically hampers its reputation. Even, monetary issues may crop up as the recovery costs incurred is huge and often much more than the investment made till date. Now, if it catches the eyes of the media, then it will create a negative publicity among the people resulting into a huge loss in business in future (Huang et al. 2016).The worst-case scenario after such an incident is the sudden shutdown of the business likely due to an investigation, probe and for purpose of repair. Though it is temporary, but still it is a huge loss as many questions will be raised upon its reputation. For that the hoteliers need to take serious security precautions so that they can avoid such type of devastating situations.
The above mentioned risks put the hotel management under pressure and dealing with this the Meriton hotel has devised some policies. This includes putting in video recording cameras in important locations and training the employees so that the hotel can always have a competitive advantage over its rivals. Educating the guests, developing a security team for round the clock security and keeping an eye on the daily movement of staff, guests and outsiders are beneficial in solving the crime rate and other security issues. Meriton Hotel has been extremely cautious about improving the documentation of the clients so that unauthorized access can be easily prevented within the hotel compound.