An Incident Handling Guide for Small Organizations in the Hospitality Sector

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 745)

Abstract

Security threats to small organizations are on the rise and many small organizations do not have the aptitude to address and properly responds to these incidents within their organizations. According to a 2016 Ponemon Institute survey of 600 small businesses, fifty percent (50%) had experienced a data breach and fifty-five percent (55%) had experienced a cyber attack in the past twelve months. Having an incident response plan is the most noteworthy cost-saving measure. The 2017 IBM and Ponemon Study found that organizations who can contain a breach in less than 30 days can save about $1 million. Hence, a small organization without an incident response plan is very likely to face great reputational damage and financial losses. The research methodology reviews current incident response frameworks, identifies relevant incident response guidelines and tailors the current and relevant frameworks into a small business-centric incident response guide that tackles threats the small hotels and casinos face.

Keywords

Incident response Hospitality sector Cyber threats Cyber security COBIT 5 Small organizations 

Notes

Acknowledgement

I thank the Lord Almighty for the strength and wisdom to undertake and complete this research. I also thank my advisors, Professor Bobby, Professor Shaun, and Professor Ron for all the ideas and encouragement they contributed to the success of the research; and to my family and friends for being supportive till the end.

References

  1. 1.
    Symantec: Internet Security Threat Report. Symantec Corporation, Mountain View (2017)Google Scholar
  2. 2.
    AusCert, New South Wales Police and Deloitte Touche Tohmatsu: Australian Computer Crime and Security Survey. Australian Computer Emergency Response Team, New South Wales (2002)Google Scholar
  3. 3.
    Aguilar, L.: SEC.gov | The Need for Greater Focus on the Cybersecurity Challenges Facing Small and Midsize Businesses. https://www.sec.gov/news/statement/cybersecurity-challenges-for-small-midsize-businesses.html
  4. 4.
    University of Connecticut: Cyber Risk for Small and Medium-Sized Enterprises. The Janet & Mark L. Goldenson Center for Acturial Research, Connecticut (2016)Google Scholar
  5. 5.
    Marquez, O.: The Costs and Risks of a Security Breach for Small Businesses. https://www.securitymagazine.com/articles/87288-the-costs-and-risks-of-a-security-breach-for-small-businesses
  6. 6.
  7. 7.
  8. 8.
    Corporations Returns Act, by enterprise size and by country of control (Enterprises). http://www.statcan.gc.ca/tables-tableaux/sum-som/l01/cst01/econ166a-eng.htm
  9. 9.
    JOBS, S.: What are the Different Sectors of the Hospitality Industry? https://www.soegjobs.com/2016/09/07/different-sectors-hospitality-industry/
  10. 10.
    Nussbaumer, L.: Relationships between the Hospitality Industry and the Touri. https://prezi.com/xrgpzgrqakh9/relationships-between-the-hospitality-industry-and-the-touri/
  11. 11.
    Terence, T., Ruighaver, T., Atif, A.: Incident handling: where the need for planning is often not recognized. In: 1st Australian Computer, Network & Information Forensics Conference. We-B center & ECU, Perth (2003)Google Scholar
  12. 12.
    Paulsen, C., Toth, P.: Small Business Information Security. http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7621r1.pdf
  13. 13.
  14. 14.
    Symantec: Internet Security Threat Report. Symatec (2015)Google Scholar
  15. 15.
    Husin, J., Singh, D.: A quick cybersecurity wellness evaluation framework for critical organizations. In: 2016 International Conference on ICT in Business Industry & Government (ICTBIG). pp. 1–5. IEEE, Indore (2017)Google Scholar
  16. 16.
  17. 17.
    Shabani, N.: A Study of Cyber Security in Hospitality Industry—Threats and Countermeasures: Case Study in Reno. Nevada. University of South Florida, Sarasota-Manatee (2016)Google Scholar
  18. 18.
    Do not disturb: Managing Data Protection and Cyber Security in the Hospitality Sector - Pitmans Law. http://www.pitmans.com/news/article/do-not-disturb-managing-data-protection-and-cyber-security-in-the-hospitali
  19. 19.
    BakerHostetler: 2016 Data Security Incident Response Report. BakerHostetler, New York (2016)Google Scholar
  20. 20.
    Trustwave: Trustwave Global Security Report. Trustwave, Chicago (2016)Google Scholar
  21. 21.
    Evans, P.: 113 Canadian hotels in Holiday Inn chain hit by credit card hack. http://www.cbc.ca/news/business/holiday-inn-hotel-hack-1.4079202
  22. 22.
    Hiller, S.: Top 5 risks and security challenges for hotels in 2015 – eHotelier. http://ehotelier.com/insights/2015/01/23/top-5-risks-and-security-challenges-for-hotels-in-2015/
  23. 23.
    Pokladnik, M.: An Incident Handling Process for Small and Medium Businesses. SANS Institute InfoSec Reading Room (2007)Google Scholar
  24. 24.
    Kindervag, J., Holland, R.: Incidence Response. https://www.malwareincidentresponse.com/
  25. 25.
    Souppaya, M., Scarfone, K.: Guide to Malware Incident Prevention and Handling for Desktops and LaptopsGoogle Scholar
  26. 26.
    Simons, D.: Malware Incident Response Plan | Malware | Antivirus Software. https://www.scribd.com/document/28726696/Malware-Incident-Response-Plan
  27. 27.
    Handling Destructive Malware | US-CERT. https://www.us-cert.gov/ncas/tips/ST13-003
  28. 28.
    Randy, F.: STEP-BY-STEP: Incident Response for Today’s Top 3 Security Scenarios. Monterey Technology Group Inc., California (2017)Google Scholar
  29. 29.
  30. 30.
  31. 31.
    Malware Outbreak | Incident Response Playbooks Gallery, https://www.incidentresponse.com/playbooks/malware-outbreak
  32. 32.
    National Institute of Standards and Technology Special Publication 800-61: Computer Security Incident Handling Guide. National Institute of Standards and Technology (2012)Google Scholar
  33. 33.
    Cabrera, M.: Network DDoS Incident Response Cheat Sheet (by SANS). https://www.slideshare.net/Martinjcabrera/irm-4d-dos
  34. 34.
    Revuelto, S., Socha, K., Meintanis, S.: DDoS Overview and Incident Response Guide. http://cert.europa.eu/static/WhitePapers/CERT-EU_Security_Whitepaper_DDoS_17-003.pdf
  35. 35.
    TR12-001: Mitigation Guidelines for Denial-of-Service Attacks. https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2012/tr12-001-en.aspx
  36. 36.
    DDoS | Incident Response Playbooks Gallery. https://www.incidentresponse.com/playbooks/ddos
  37. 37.
    Andre, J.: A Handy Guide on Handling Phishing Attacks. https://blog.komand.com/a-layered-approach-to-handling-phishing-attacks
  38. 38.
  39. 39.
    Phishing | Incident Response Playbooks Gallery. https://www.incidentresponse.com/playbooks/phishing
  40. 40.
  41. 41.
  42. 42.
    Cobit 5 A business framework for the governance and management of enterprise. ISACA, Rolling Meadows, IL (2012)Google Scholar
  43. 43.
    Rocha, Á., Freixo, J.: Information architecture for quality management support in hospitals. J. Med. Syst. 39(10), 125 (2015)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Oluwadamilola Ogunyebi
    • 1
  • Bobby Swar
    • 1
  • Shaun Aghili
    • 1
  1. 1.Concordia University of EdmontonEdmontonCanada

Personalised recommendations