Search results

1 – 10 of 42
Open Access
Article
Publication date: 14 February 2023

Lemma Lessa and Daniel Gebrehawariat


Abstract

Purpose

This study is aimed at assessing the information security management practice with a focus on banking card security in selected financial institutions in Ethiopia, using an international information security standard as a benchmark. It is to identify the gaps and recommend best security practices to help financial institutions meet the required security compliance.

Design/methodology/approach

Two financial sectors were purposively selected. A total of twenty-five respondents (IT executives and IT staff) were included in the study. Quantitative data was collected using the PCI-DSS (Payment Card Industry Data Security Standard) security standard questionnaire. In addition, observation and document analysis were made.

Findings

The result shows that most of the essential security management activities in the financial sectors do not comply with the international security standard. Similarly, the level of most of the indispensable security requirements that should be in place is found to be below the acceptable level. The study also revealed major security factors that prohibit the financial sectors from PCI-DSS security standard compliance.

Originality/value

This study assessed the information security management practice with a focus on banking card security and tried to figure out the limitations of security practices of the organizations surveyed based on the standard adopted. The topic has not been well explored, especially in the Ethiopian context. Hence, the result can positively influence security policies, particularly in the banking sector.

Details

International Journal of Industrial Engineering and Operations Management, vol. 5 no. 2
Type: Research Article
ISSN: 2690-6090


Article
Publication date: 8 October 2010

Katerina Berezina


Abstract

Purpose

The purpose of this paper is to explore the main barriers and key issues that the hotel industry professionals face during the Payment Card Industry Data Security Standards (PCI DSS) compliance process. This paper will help to understand weaknesses and gaps in the PCI compliance process within the hotel industry that will provide a foundation to develop strategies and methods to address those issues in the future.

Design/methodology/approach

The paper presents an exploratory study using a two‐stage design. The first stage of the study was designed utilizing the Delphi technique to identify the issues that take place in the PCI compliance process in hotels. After analyzing the results of the first stage of the study, a list of PCI issues was compiled and incorporated in the web hosted questionnaire. In total, 30 hotel executives participated in the second stage of the study providing their evaluation of the importance of the identified PCI compliance issues.

Findings

A list of 20 PCI compliance issues that hotel executives face during the process was compiled as an outcome of the first stage of the study. The second stage of the study showed high‐financial cost of implementing and maintaining, lack of qualified staff, inadequate staff training, ambiguous terms in PCI DSS language, and lack of vendors' support and compliance to be the top five issues in PCI compliance in hotels.

Originality/value

The paper provides a useful insight into the issues that take place in the hotel industry during the PCI compliance process. This field has not been studied well in the literature. This paper presents the problems in PCI compliance that need to be addressed in order to make the process more efficient and effective.

Details

Journal of Hospitality and Tourism Technology, vol. 1 no. 3
Type: Research Article
ISSN: 1757-9880


Article
Publication date: 25 January 2019

Muhittin Cavusoglu


Abstract

Purpose

This study aims to examine the utilization of Front of House (FOH) and Back of House (BOH) technology applications in different types of US restaurants along with their level of IT management and explore the importance of these technology applications to restaurant operations.

Design/methodology/approach

Survey data were collected from 500 randomly selected restaurant technology managers who subscribe to Hospitality Technology Magazine. The sample group represented 67,299 restaurant units. Data analysis was organized into three parts (descriptive, exploratory factor analysis, and independent samples t-test).

Findings

For FOH, the top-five point of sale (POS) technologies used are POS hardware, touchscreen, POS software, gift card integration and integrated credit card swipe into POS. At the BOH, the top-five POS technologies used are accounting/financial software, enterprise reporting, inventory management software, kitchen printers and company intranet.

Originality/value

This is one of the first studies to include a variety of technologies used in restaurants. Most existing studies focus on a single technology or a small number of them. However, this study provides an overall perspective on a variety of restaurant technologies from FOH to BOH. It also includes mobile POS technologies.

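Research purpose

This paper aims to study the various technology application systems used in the front of house (FOH) and back of house (BOH) of different types of restaurants in the United States, as well as their level of information technology management. In addition, the paper analyzes the importance of these technology applications to restaurant operations.

Research design/methodology/approach

This paper uses a questionnaire survey: 500 managers were randomly selected as the sample from restaurant technology managers who subscribe to Hospitality Technology Magazine, and this sample represents 67,299 restaurants. The data analysis consists of three parts (descriptive analysis, factor analysis and independent samples t-test).

Research findings

For FOH, the top five POS technologies are POS hardware, touchscreens, POS software, gift card management and credit card integration with the POS system. For BOH, the top five POS technologies are accounting/financial software, enterprise reporting, inventory management software, kitchen printers and company intranet.

Research originality/value

This paper is one of the few articles that study a variety of restaurant technologies. Most articles focus on only one or a few technologies. This paper, however, provides an analysis of a range of restaurant technologies from FOH to BOH, including mobile POS technologies.

Keywords: restaurant technology, front-of-house technology, back-of-house technology, mobile POS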

Details

Journal of Hospitality and Tourism Technology, vol. 10 no. 1
Type: Research Article
ISSN: 1757-9880


Article
Publication date: 28 September 2012

Katerina Berezina, Cihan Cobanoglu, Brian L. Miller and Francis A. Kwansa


Abstract

Purpose

The primary purpose of this study is to investigate the impact of information security breaches on hotel guests' perceived service quality, satisfaction, likelihood of recommending a hotel and revisit intentions.

Design/methodology/approach

Five‐hundred seventy‐four US travelers participated in this experimental study. The respondents were exposed to one of three different scenarios: “negative”, where an information security breach happened in the hotel where a person stayed last and guest information was compromised; “neutral”, where an information security breach happened and guest information remained safe; and “positive”, where participants were told that the hotel where they last stayed successfully passed a comprehensive security audit, meaning that their guest information is properly handled and secured.

Findings

The results of the study revealed a significant impact of the treatments on three of the four outcome variables: satisfaction, likelihood of recommending a hotel, and revisit intentions. Information security breach scenarios resulted in a negative impact on the outcome variables regardless of whether or not the guest's credit card information was compromised. A positive scenario revealed a significant increase in guest satisfaction and revisit intentions scores.

Practical implications

The findings of the study provide clear indication that hotel operators must continually strive to keep the sensitive data that is collected from their guests secure, and that failure to do so can have significant negative ramifications on current and future guests. The results also suggest that hotels should openly publicize their achievements in the field of PCI compliance.

Originality/value

The study contributes to the body of knowledge on the importance of credit card information security breaches to hotel guest satisfaction and future behavior. To date, this is the only study that has investigated this topic in the hospitality industry, and it therefore makes a significant improvement towards the understanding of the impact of information security breach on hotel guest perceptions and future intentions.

Case study
Publication date: 20 January 2017

Russell Walker


Abstract

In November 2005 Fidelity Homestead, a savings bank in Louisiana, began noticing suspicious charges from Mexico and southern California on its customers' credit cards. More than a year later, an audit revealed peculiarities in the credit card data in the computer systems of TJX Companies, the parent company of more than 2,600 discount fashion and home accessories retail stores in the United States, Canada, and Europe.

The U.S. Secret Service, the U.S. Justice Department, and the Royal Canadian Mounted Police found that hackers had penetrated TJX's systems in mid-2005, accessing information that dated as far back as 2003. TJX had violated industry security standards by failing to update its in-store wireless networks and by storing credit card numbers and expiration dates without adequate encryption. When TJX announced the intrusion in January 2007, it admitted that hackers had compromised nearly 46 million debit and credit card numbers, the largest-ever data breach in the United States.

After analyzing and discussing the case, students should be able to:

  • Understand imbedded operational risks

  • Analyze how operational risk decisions are made in a firm

  • Understand the challenges in the electronic payment transmission process, which relies on each participant in the process to operate best-in-class safety systems to ensure the safety of the entire process

  • Recognize the sophistication of IT security threats


Details

Kellogg School of Management Cases, vol. no.
Type: Case Study
ISSN: 2474-6568
Published by: Kellogg School of Management


Article
Publication date: 9 October 2017

Jacqueline Cope, Francois Siewe, Feng Chen, Leandros Maglaras and Helge Janicke


Abstract

Purpose

This study is an exploration of areas pertaining to the use of production data in non-production environments. During the software development life cycle, non-production environments are used to serve various purposes, including unit, component, integration, system, user acceptance, performance and configuration testing. Organisations and third parties have been and are continuing to use copies of production data in non-production environments. This can lead to personal and sensitive data being accidentally leaked if appropriate and rigorous security guidelines are not implemented. This paper aims to propose a comprehensive framework for minimising data leakage from non-production environments. The framework was evaluated using guided interviews and was proven effective in helping organisations manage sensitive data in non-production environments.

Design/methodology/approach

The authors conducted a thorough literature review on areas related to data leakage from non-production systems. By doing an analysis of advice, guidelines and frameworks that aim at finding a practical solution for selecting and implementing a de-identification solution of sensitive data, the authors managed to highlight the importance of all areas related to sensitive data protection. Based on these areas, a framework was proposed which was evaluated by conducting a set of guided interviews.

Findings

This paper has researched the background information and produced a framework for an organisation to manage sensitive data in its non-production environments. This paper presents a proposed framework that describes a process flow from the legal and regulatory requirements to data treatment and protection, gained through understanding the organisation’s business, the production system, the purpose and the requirements of the non-production environment. The paper shows that there is some conflict between security and perceived usability, which may be addressed by challenging the perceptions of usability or identifying the compromise required. Non-production environments need not be the sole responsibility of the IT section; they should be of interest to the business area that is responsible for the data held.

Originality/value

This paper proposes a simplified business model and framework. The proposed model diagrammatically describes the interactions of elements affecting the organisation. It highlights how non-production environments may be perceived as separate from the business systems, but despite the perceptions, these are still subject to the same legal requirements and constraints. It shows the interdependency of data, software, technical infrastructure and human interaction and how the change of one element may affect the others. The proposed framework describes the process flow and forms a practical solution in assisting the decision-making process and providing documentary evidence for assurance and audit purposes. It looks at the requirements of the non-production system in relation to the legal and regulatory constraints, as well as the organisational requirements and business systems. The impact of human factors on the data is also considered to bring a holistic approach to the protection of non-production environments.

Details

Information & Computer Security, vol. 25 no. 4
Type: Research Article
ISSN: 2056-4961


Article
Publication date: 9 May 2016

H. Frank Cervone


Abstract

Purpose

Information professionals are increasingly called upon to provide access and services for information that, by its nature, must be restricted to certain uses or classes of individuals. This paper aims to explore the six major compliance regulations in the USA that information professionals should have a basic understanding of to manage a restricted information environment effectively.

Design/methodology/approach

This paper is a general review of laws and requirements in the USA related to information security that may affect information professionals in their work.

Findings

The world of information security is complex and there are multiple laws, guidelines and standards that apply. For information professionals managing or deploying digital repositories or information archives, all of these need to be considered because plans and systems are being developed. Information professionals will increasingly be called upon to lend their expertise to emerging preservation problems related to restricted data, so understanding the basics of information security law is a requirement to successful information practice.

Originality/value

This is the first general overview of this area of information practice.

Details

Digital Library Perspectives, vol. 32 no. 2
Type: Research Article
ISSN: 2059-5816


Article
Publication date: 11 October 2011

Hendi Yogi Prabowo


Abstract

Purpose

The purpose of this paper, which is based on the author's PhD study, is to analyze the trends in credit card fraud prevention in the USA, the UK, Australia and Indonesia, particularly over the period 2003‐2007, with special focus on the fraud prevention practices in the payments systems.

Design/methodology/approach

This study uses primary and secondary data particularly from the payments systems of the USA, the UK, Australia and Indonesia to conduct historical and benchmarking analyses to highlight the trends in credit card fraud prevention in the four countries.

Findings

The study establishes that a common approach in preventing credit card fraud is reducing offenders' opportunities to commit their offences, which often requires a significant amount of resources, and thus a sound strategy needs to be properly formulated and executed. Referring primarily to the practices in the USA, the UK, Australia and Indonesia, resources are mainly allocated to six key areas of fraud prevention: understanding of the real problems, fraud prevention policy, fraud awareness, technology‐based protection, identity management and legal deterrence. These are supported in principle by four main groups in a payments system: user, institution, network and government and industry.

Originality/value

The paper provides insights into the nature of credit card fraud, as well as a framework for designing a sound credit card fraud prevention strategy in a country's payments system.

Article
Publication date: 20 August 2020

Kholekile Gwebu and Clayton W. Barrows


Abstract

Purpose

The purpose of this study is to expand on the existing literature by specifically examining data security incidents within the hospitality industry, assessing origins and causes, comparing breaches within the industry with those of other industries and identifying areas of concern.

Design/methodology/approach

A sample of data breach incidents is drawn from the Verizon VERIS Community Database (VCDB). Statistical comparisons between hospitality and non-hospitality industry firms are conducted following the Verizon A4 threat framework.

Findings

The results reveal that breaches between hospitality and non-hospitality firms differ significantly in terms of actors, actions, assets and attributes. Specifically, proportions of breaches in the hospitality industry are larger in terms of external actors, hacking and malware, user devices compromised and integrity violations. Additionally, compared to other industries, point-of-sales (POS) system breaches occur at a higher rate in the hospitality industry. The study finds that company size, hacking and malware predict the likelihood of a POS breach.

Research limitations/implications

The study uses secondary data and does not include the entire universe of data breaches.

Originality/value

In the quest to reduce data breach incidents, it is imperative to identify and assess the nature of data breach incidents between industries. Doing so permits the development of targeted industry-specific solutions rather than generic ones. This study systematically identifies differences between hospitality and non-hospitality data security incidents and then suggests areas where hospitality companies should focus future attention to mitigate breach incidents.

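Research purpose

This paper extends the existing literature by examining data security incidents in the hotel industry, assessing their causes, comparing data breaches in the hotel industry with those in other industries, and identifying key areas.

Research design/methodology/approach

The sample data are data breach incidents from the Verizon VERIS Community Database (VCDB). Following the Verizon A4 threat model, the study carries out a statistical comparison of incidents between the hotel industry and non-hotel industries.

Research findings

The results show that data breaches at hotel companies and non-hotel companies differ considerably in terms of actors, actions, assets and attributes. In the hotel industry, the proportion of data breaches is larger with respect to external factors, hacking, viruses, user-device failure and ethics violations. In addition, compared with other industries, data breaches of POS systems occur at a higher rate in the hotel industry. The paper finds that company size, hacking and viruses play a major determining role in POS data breaches.

Research limitations/implications

This paper uses secondary data and does not examine the entire body of data breach data.

Research originality/value

To reduce data breach incidents, identifying and assessing the attributes of data breach incidents across industries is essential. Doing so allows specific solutions to be developed for particular industries and particular incidents. This paper systematically points out the differences between data security incidents in the hotel and non-hotel industries, and indicates the areas on which the hotel industry should focus in order to reduce future data breach incidents.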

Article
Publication date: 6 July 2012

Hendi Yogi Prabowo


Abstract

Purpose

The purpose of this paper, which is based on the author's PhD study, is to assess the efficacy of Indonesia's credit card fraud prevention from a strategic point of view, using a model of payments fraud prevention practice developed by the author based on similar practices in the USA, the UK and Australia.

Design/methodology/approach

Primary and secondary data, particularly from the payments system of the USA, the UK, Australia and Indonesia were used. Such data were collected by means of literature reviews and in‐depth interviews with payments system professionals.

Findings

The author establishes that credit card fraud prevention practice in Indonesia is still at a lower level of robustness than those in the USA, the UK and Australia. Deficiencies in the credit card fraud prevention practice in Indonesia are indicated, inter alia, by a lack of reliable fraud data collection, management and distribution mechanisms as well as a lack of effective and efficient identity management practice. Deficiencies and weaknesses in the system should be identified and action taken to make it more consistent with credit card fraud prevention practices of other countries.

Originality/value

The paper sees credit card fraud prevention practice in Indonesia as a function of many factors which influence one another, based on which the analysis is built.

Details

Journal of Money Laundering Control, vol. 15 no. 3
Type: Research Article
ISSN: 1368-5201
