4.

1 Critically analyse the importance of security in the implementation of

technology for the tourism and hospitality industry

Data security is based on the protection of private data against unwanted access
by third parties or malicious attacks and data use. It is designed to protect
private data using various mechanisms and tools to maintain the security of
data.

IMPORTANCE OF DATA SECURITY IN TOURISM AND HOSPITALITY INDUSTRY:

IDENTIFY
The very first stage in securing an organization against a data infringement is to
identify the kinds of data that must be secured. According to the 2018 Verizon Data
Breach Investigations Survey, payment data obtained the most exposure in the
accommodation and food services sector, with more than 90% of all details breaches
including payment card privacy. Since evaluating all the processes and finding vital
details, the research is not complete. A comprehensive data list needs to be created,
plotted and updated regularly. The list should contain in a stock list data and
technological resources and should mention where the information and technology
are kept and who has access to them. Therefore, several backups, including backed-up
off-site, of this report should be preserved.

E-Tourism and Social Media Mriganga Barman

PROTECT
Training staff is a key to safeguarding an organization against a cyber attack. The very
first phase of security is staff who must be educated and knowledgeable about the
different attack forms that can be carried out against the company. In the catering and
lodging services sectors, phishing and ransomware comprise the majority of attacks.

DETECT
The early detection of a cyber security incident is important for the long-term impact
prevention. Infringements of data may occur in several ways. When planning for
protection and identification, it is critical that an organization is conscious of the
various kinds of infringements. Most attacks involved ransomware and phishing
threats in the accommodation and food services industry.
- Companies should be aware of the risks to their company and use the best
technology, processes and software for data security to help track and prevent cyber
attacks. Training is again a vital aspect Staff must be trained to detect and notify to the
relevant people in the company of any suspicious activities.

E-Tourism and Social Media Mriganga Barman

RESPOND
An appropriate action strategy is essential for all companies. Organizations that are not
adequately prepared for an appropriate action plan will not be prepared for an alleged
attack.
- First, a separate team should be formed for reliable and Effective handling and
response. The team must include experts, administrative and policy decision-makers,
such as a CEO and CFO, as well as operations personnel, such as corporate relations staff,
audit and enforcement.
- Secondly a risk assessment system should be established before an issue arises,
including a plan focused on the causes and urgencies of the various event types. This
structure must include the planning, evaluation and analysis of incidents, coordination,
control and elimination of influences, recovery plan and practice following the attack.
Any third parties involved, such as data protection lawyers and data security experts,
should also be specifically identified and directly outlined in the program.
- After an invasion of privacy occurs, representatives of the security team must be
assembled and the began of investigation.
- All incident-related information, including software, equipment, and server activities,
should be gathered to thoroughly examine and assess any legal liability and update the
procedure to be complied with.

E-Tourism and Social Media Mriganga Barman

RECOVERY
When an organization comes into a recovery stage, the cyber incident needs to be
handled immediately and is now fully restored to regular systems and activities.
Constant measures needs to proceed to minimize the cyber incident throughout this
phase, and focus are also on the potential and continuous progress over time. In order to
evaluate whether improvements are required, a company should analyze its networks,
practices and functions.

DATA SECURITY INITIATIVES IN INDIA’S TOURISM

The various government agencies functioning on data security are as follows:
National Informatics Centre (NIC):
- It is an agency offering the Central Government, State Governments, Union Territories,
Districts, and other branches of government with e-governance and server facilities. In
government institutions this mainly offers ICT facilities.
Indian Computer Emergency Response Team (Cert-In):
- This is the vital component of the cyber world in India. Essentially, via encryption
technology, it offers the key permission for cyber space and guarantees protections for
cyber space.
National Information Security Assurance Programme (NISAP):
- NISAP is primarily for government and for standard services. Under this scheme,
companies are obligated to enforce risk monitoring and notify Cert-In if security issues
arise. Cert-In establishes a committee that investigates the companies.
E-Tourism and Social Media Mriganga Barman
 REFERENCES

SLIDE-1
Data Privacy vs. Data Security [definitions and comparisons] – Data Privacy Manager. (2020, February 3).
Retrieved from
https://dataprivacymanager.net/security-vs-privacy/

SLIDE-2-4
Hospitality Financial and Technology Professionals(HFTP). (2018). Strategy for data protection and regulation
compliance.
Retrieved from
https://www.pineapplesearch.com/file/152008388.pdf

SLIDE-2-4
PR Newswire. (2018, July 23). Cyber security in Tourism - Thematic Research.
Retrieved from
https://www.prnewswire.com/news-releases/cybersecurity-in-tourism---thematic-research-
300684926.html

SLIDE-4
Peeyush Vyas, Cyber Security in India's Tourism:
https://www.ijraset.com/fileserve.php?FID=50

E-Tourism and Social Media Mriganga Barman

Thank You !

E-Tourism and Social Media Mriganga Barman