Information Security – Measure, Manage, Maintain

Information security is often portrayed as very confusing and highly technical; however, it can be made very simple. Through the use of illustration, let’s examine how IT can parallel the building of a hotel.

Measure: The first step in building a hotel is to know what you want. What are the style of property, the size, the amount of rooms, the amenities etc.? It is also important to recognize that sometimes you have to make sacrifices from the optimal goal. There are time-to-market and budget considerations. Considering that, the outcome is to measure your wants and needs to create a realistic goal.

• With information security, it is essential to start with an IT strategy document. To create this document, you must measure your current state through the use of standards. A widely accepted standard for evaluating technology systems is the National Institute of Standards and Technology (NIST). Using this framework, one can get a baseline of where your company’s current technology posture is, and what needs to be addressed before moving forward. We often recommend that this assessment be performed yearly to know what has changed and needs to be addressed.

Manage: The second step, based on the identified objectives is to find an architect who can design the building and manage the process. They will create the blueprints, advise on permits, and help with a contractor who will actually build the structure and oversee issues and changes that inevitably will occur.

• The technology landscape is one that constantly changes. Because of this, it is important stay abreast of nuances in security and technology, and be versed in adapting to these changes. Many times, IT professionals look for assistance through the use of outside professionals to serve as a Virtual Security Officer. This person can advise on technology, policy and privacy laws that are impacting organizations today.

Maintain: Finally when the hotel has been measured, managed and is now ready for clients, the last challenge remains: “Maintenance.” From landscaping to building upkeep, there are constantly items that have to be looked after and addressed. If management does not keep their standards high, bookings will gradually slow and cause financial strain on the business.

• With technology, equipment also only lasts for so long. It is important not only to change equipment on a regular basis, but to monitor how the equipment is performing 24x7. There are tools that will “listen” to technology equipment and alert you when an issue surfaces. Once such tool is called a SIEM (Security Information Event Management). Using the right technologies can not only help maintain equipment, but can also predict impending failures, thus eliminating any downtime.

In summary, building a hotel and building an IT infrastructure are very similar. To be successful you must measure, manage, and maintain the environment. It also has to be systematically and methodically assessed to achieve the highest level of success.

Hospitality Intelligence

• EisnerAmper Q&A with Alessandro Zampedri, Co-Owner, Bowery House
• Information Security - Measure, Manage, Maintain