IT Security Management Report: Online Booking and Payment Systems


Added on  2023/02/01

AI Summary
This report provides a comprehensive overview of IT security management, focusing on the implementation of online booking and payment systems within a restaurant. It begins by addressing the critical need for contingency planning to mitigate risks such as fraud, data breaches, and identity verification issues, emphasizing the importance of customer data integrity and privacy. The report then explores essential security tools, including firewalls and antivirus software, highlighting their roles in protecting against unauthorized access and malware. Furthermore, it delves into the Information Security Act, outlining the importance of reasonable steps to protect personal information. The report concludes with a detailed security management policy, outlining standards, procedures, and guidelines for maintaining a secure e-booking and payment system. This includes considerations for operating systems, servers, databases, and antivirus software, along with procedures for implementation, employee involvement, and reporting of security breaches. The references section provides a list of sources used to support the analysis and recommendations.
Running head: IT SECURITY MANAGEMENT
IT SECURITY MANAGEMENT
Name of the Student
Name of the Organization
Author Note
Section 1: Contingency planning
An appropriate contingency plan is to be developed for the restaurant, and several issues may arise that will form part of that contingency. There remains a chance that the accounts which will be created may suffer from fraud or from other operational problems. These may exploit the novel characteristics of the new methods of payment. There is a strong need to develop a structure and a vocabulary for properly examining how new payment technologies affect risk, particularly as payment shifts from paper-based to electronic form [1]. The restaurant's emerging methods of payment may face several risks, such as fraud, illicit use and data security breaches. A failure to control such risks will lead to a huge rejection within the market. The integrity of payment data is very important, not only as a safeguard against fraud but also for maintaining the privacy of the restaurant's customers. Therefore, rules and regulations will be introduced to preserve the privacy of customers, and this step will encourage both widespread participation and enhancement of the system's value to all customers.
There is a chance that the new online booking and payment features will bring other issues with them as well. There may be an absence of online identity verification. This challenge can be solved by proper verification of the customers' information. Delivering an omnichannel service to customers is another issue, which can be prevented early by equipping a team with appropriate technology [2]. Redesign of the order cart must also be considered, to make sure that there are no bugs and no clunky form-filling process that is totally unnecessary. Maintaining the loyalty of customers is one of the most important points to consider. To earn customers' loyalty towards online delivery and online payment, excellent customer service is to be provided. From online ordering through to shipping, all customers must be satisfied with the quality of service.
Section 2: Security Tools
Firewall- As both hacking and cyber criminals have become very sophisticated, and defences have also become much stronger, the firewall forms the core of the security tools and is considered one of the most important of them [4]. It is capable of blocking any access to the system that is not authorised. Firewalls are very effective at detecting the large majority of malicious attacks on the business. The firewall will help greatly in monitoring network traffic and connection attempts, deciding whether they may pass freely onto the network of the business. Investment must be made in firewall security for the introduction of a starting system within the restaurant.
Penetration testing- This is a very important way of testing the security systems of the business. During the test, professionals use techniques similar to those used by criminal hackers to check for potential vulnerabilities. They also check areas of weakness, and the test is an attempt to simulate the type of attack that the new system may face from criminal hackers, ranging from password cracking and code injection to phishing [3]. Tests often vary in both price and length depending on the complexity of the network, and the cost of network penetration testing depends on these factors.
Antivirus Software- It gives alerts about both viruses and malware injections, and many products also provide extra services such as scanning emails to ensure that they are free from malicious attachments. Hence, both a strong firewall and up-to-date antivirus software are essential for maintaining security. However, for the start of a new online booking and payment system, antivirus software can be very expensive.
Section 3: Information Security Act
The Information Security Act forms a guide that aims to assist businesses in the country, and those carrying on business within the country, in interpreting the continuing need under the Act of Privacy. Reasonable steps are to be taken under the act to protect the personal information held by any business [6]. There is an obligation to take reasonable steps to protect information from loss, misuse or any kind of unauthorised access. There is also a new obligation to protect the information from interference. The act acknowledges that the steps for protecting personal information depend on the particular circumstances, including the nature of the entity holding the information, the nature and quantity of the personal information, the ease of implementing the security measures, and the risks to individuals if personal information is not secure [10].
The act has raised the bar for what is considered reasonable steps for securing personal information [5]. These comprise governance, ICT security, data breaches, personnel training, workplace policies, physical security, the information life cycle, and monitoring and reviewing.
Section 4: Security Management Policy
Policy Name
Restaurant e-booking and payment security standards
Policy Statement
The policy ensures that all reasonably practicable measures are taken to deliver proper security with respect to e-booking and payment issues.
Purpose
The purpose of the policy is to detail the aims and responsibilities for effective management of the new e-booking and payment method, and to maintain security in relation to issues that may arise from the implementation of the new system.
Scope
The policy will protect the personal information assets of all customers from threats, whether internal or external, accidental or deliberate. All information involving personal details will be treated with high confidentiality and integrity. The policy will safeguard the security of information assets through effective business continuity management [8]. It will also increase staff awareness of information security management through both training and education.
Standards
Operating system- Licensed OS
Server- Integrated with security protocols
Database- Secure and less complex
Antivirus- Updated as well as licensed antivirus
Procedures
The new policy will be implemented with the support of the restaurant's management [7]. The involvement of employees will be very important for this implementation. All policies are to be properly communicated in a structured and systematic way. All policies will then be implemented and followed up, and barriers will be removed.
Guidelines
Any concerns or suspicions regarding breaches that may arise must be reported directly to the authorised persons, including the system administrator and the investigator [9]. The information security management committee will be responsible for both documenting and maintaining the information security management system.
References
[1] R.H. Al-Dmour, R.E. Masa'deh and B.Y. Obeidat. Factors influencing the adoption and implementation of HRIS applications: are they similar?. International Journal of Business Innovation and Research, 14(2), pp. 139-167, 2017.
[2] E. Makki and L.C. Chang. E-commerce in Saudi Arabia: Acceptance and implementation difficulties. In Proceedings of the International Conference on e-Learning, e-Business, Enterprise Information Systems, and e-Government (EEE) (p. 1). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp), 2014.
[3] J. Andress and S. Winterfeld. Cyber warfare: techniques, tactics and tools for security practitioners. Elsevier, 2013.
[4] T. Mahmood and U. Afzal. Security analytics: Big data analytics for cybersecurity: A review of trends, techniques and tools. In 2013 2nd national conference on Information assurance (ncia) (pp. 129-134). IEEE, December 2013.
[5] T. Sahama, L. Simpson and B. Lane. Security and Privacy in eHealth: Is it possible?. In 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom 2013) (pp. 249-253). IEEE, 2013.
[6] K. Hardy and G. Williams. Terrorist, Traitor, or Whistleblower-Offences and Protections in Australia for Disclosing National Security Information. UNSWLJ, 37, p. 784, 2014.
[7] C. Dsouza, G.J. Ahn and M. Taguinod. Policy-driven security management for fog computing: Preliminary framework and a case study. In Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IEEE IRI 2014) (pp. 16-23). IEEE, 2014.
[8] R.P.S. Ahuja and F. Lakhani, McAfee LLC. System and method for data mining and security policy management. U.S. Patent 8,447,722, 2013.
[9] D.P. Pearcy, J.A. Heinrich, J.J. Gaskins and C.A. Phillips, McAfee LLC. Integrating security policy and event management. U.S. Patent 8,839,349, 2014.
[10] N.S. Safa, R. Von Solms and S. Furnell. Information security policy compliance model in organizations. Computers & Security, 56, pp. 70-82, 2016.