Internal and External Security
Autor: Greek • March 31, 2012 • Research Paper • 1,564 Words (7 Pages) • 1,597 Views
Internal and External Security
The risk that the hospitality industry faces with respect to personal information is not only a function of the volume of information. It's also a function of the attractiveness of that information to cybercriminals (Griffin, 2011). Threats to the security of hotel assets can come from both internal and external sources. To protect assets adequately, programs must be in place to guard against these threats. This paper will identify the possible privacy issues for users both internal, such as malicious users, and external, like viruses or hackers, of an organization using word processing applications. It will distinguish between internal and external threats to the physical plant where the resources are located and to the virtual resources accessible electronically. Finally, the paper will discuss three resources or procedures that are available to protect these resources and how Human Resources' responsibilities help define and distinguish internal and external threats.
More and more features are being added to word processing applications and there an increased danger of exposing information with other users who receive the document electronically. Information such as who worked on the document, who commented the document, and email headers is ready available for anyone to use. Internally this can be an issue in the sense that one may not want others to know that they made comments or had concerns about certain things outlined in documents such as memos or other type of correspondence created using a word processing application.
Typically in the hospitality industry more than one user shares a computer with someone else because they work in a multi-user environment, such as the front desk, where it is possible for others on the network to gain access to the hard drive. Privacy issues that arise when using a word processing application are that one or more persons are not intended to have access or knowledge of information contained in certain documents created using word processing software. Documents such as invoices, memos, customer logs, etc. can contain private information that if in the wrong hands can cause problems. It is important that users in this environment use password protection on any private documents that contain sensitive information.
Sometimes, information is collected from individuals for one purpose but is used for another, secondary purpose without authorization from the individuals. Even if contained internally within a single organization, unauthorized use of personal information will very often elicit a negative response. Specific examples of such secondary, internal uses are for example, "sugging"--a practice in which data are collected ostensibly for research only to be used later for marketing purposes. Some studies have found that concerns about secondary use are exacerbated when personal information is disclosed externally to a third party (i.e., another organization). The most commonly cited examples of this concern are the sale or rental of current or prospective customers' names, addresses, phone numbers, purchase histories, categorizations, etc., on mailing "lists," which are often transferred between the organizational entities as digital files (Milberg, Smith, & Burke, 2000).
Computers are much more vulnerable to viruses and malware. Often documents created using word processing applications can contain macros that contain viruses and malware. This is both an internal and external privacy issue because these types of threats can come from anywhere. An employee with bad intentions and the proper knowledge to create macros can cause harm by installing macros in a word processing document as well as an external user who can simply send a document containing a macro to either pull information from the network or infect it with a virus.
These days one can't be too concerned about security. New threats to computers and private information are discovered every week. Metadata is created in a variety of ways within word processing documents and there is no single method to eliminate all such content from documents. This data can then be transmitted to other internal and external users and used in various ways that may pose a threat to one's privacy.
Internal and External Threats to the Physical Plant
Security is the practice associated with taking steps to protect the assets of a hospitality organization. Safety practices ensure the well-being of individuals, including guests, workers, and others who interact with a hospitality enterprise. Technology managers are responsible for the protection of data resources in the same way that security personnel engage in activities to protect physical assets and prevent harm to individuals. Continuous advances in technology provide assistance to individuals who are responsible for securing resources, physical property, and the safety of individuals. Physical plants consist of facilities used by hospitality enterprises to house the services provided to the guests of an enterprise. Physical plant management includes the functions of maintenance, repairs, and energy utility (Tesone, 2006). It is important that an organization distinguish between internal and external threats to the physical plant. According to Orbit-Computer-Solutions.Com (2012), there are 4 classes of threats to a network security: structured, unstructured, internal, and external threats.
These are threats that can be caused by individuals or