Information security article critique: Hosp pms project description final

Please note that this critical review is not just a summary of the article's content but your own assessment, in agreement or disagreement, of no fewer than three and no more than five of the author's assertions in the current events article. This assignment will be graded generally based on the following criteria:

a. Paper provides well-thought-out arguments that defend your position in support or contradiction of the author's assertions. (60%)

b. Logical paper organization and structure with content that focuses on the subject article with minimal repeat of article details. (20%)

c. Correct use of grammar, punctuation, sentence structure, spelling, proper citations and references. (10%)

d. Paper follows guidelines for length, format, and layout. (10%)

Your critical review should be 3-5 pages total in length including references with no cover page (typed, double spaced, using 12 pt Times New Roman font with 1″ margins).


2 SCENARIOS

Scenario 1: Guest checks in, accrues incidentals – Tokenization, P2PE, Network and User Analytics

A guest checks in at the front desk, and the hotel clerk logs in to the PMS. The clerk checks the guest’s identification and finds that they are a member of the hotel’s loyalty program. The clerk finds an available room in the PMS, reserves the room, and swipes the guest’s credit card for incidentals. This process only takes a few minutes, after which the guest leaves for their room. The hotel clerk logs out of the PMS and/or locks the computer.

In the background, the guest’s payment information is tokenized: after a transaction authorization is returned from the credit card network, a trusted third party stores all the actual cardholder data (defined by the Payment Card Industry Data Security Standard as cardholder name, primary account number, and expiration date) and issues tokens, which are stored in the hotel’s system. The hotel’s system can then use that token when the guest accrues incidentals (e.g., mini-bar usage, phone usage, room service), as well as for the loyalty program. Any other non-payment data pertaining to the guest is encrypted and sent through encrypted channels to be stored in the hotel’s own databases or at the hotel’s third-party trusted SPs.

The hotel’s monitoring and analytics system produced no alerts or warnings because the hotel clerk’s activity within the PMS is consistent with a baseline, following a typical check-in process with no deviation, and the computer hosting the PMS was used exclusively for business purposes.
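
The tokenization flow in Scenario 1, as an added Python example that is not part of the original project description: a hypothetical `TokenVault` stands in for the trusted third party and a hypothetical `PMS` class for the hotel's system. All class and function names and the test card number are constructed, and P2PE encryption of the card swipe is not modelled.

```python
import secrets

class TokenVault:
    """Stand-in for the trusted third party; only it holds cardholder data."""
    def __init__(self):
        self._cards = {}  # token -> (name, PAN, expiry)

    def tokenize(self, name, pan, expiry):
        # Random token: no mathematical relationship to the PAN.
        token = "tok_" + secrets.token_hex(16)
        self._cards[token] = (name, pan, expiry)
        return token

    def charge(self, token, amount_cents):
        # Detokenization happens only here, never in the hotel's system.
        if token not in self._cards:
            return {"approved": False, "reason": "unknown token"}
        _, pan, _ = self._cards[token]
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}

class PMS:
    """Hotel-side system: folios reference a token, never the card."""
    def __init__(self, vault):
        self.vault = vault
        self.folios = {}  # room -> {"token": ..., "charges": [...]}

    def check_in(self, room, name, pan, expiry):
        # Card data passes through to the vault and is not retained.
        token = self.vault.tokenize(name, pan, expiry)
        self.folios[room] = {"token": token, "charges": []}
        return token

    def add_incidental(self, room, item, amount_cents):
        folio = self.folios[room]
        result = self.vault.charge(folio["token"], amount_cents)
        if result["approved"]:
            folio["charges"].append((item, amount_cents))
        return result

def hotel_storage_contains(pms, needle):
    """True if `needle` (e.g. a PAN) appears anywhere in the PMS folio store."""
    return needle in repr(pms.folios)

if __name__ == "__main__":
    TEST_PAN = "4111111111111111"  # constructed test number, not a real card
    vault = TokenVault()
    pms = PMS(vault)
    pms.check_in("412", "A. Guest", TEST_PAN, "12/30")
    print(pms.add_incidental("412", "mini-bar", 1850))
    print("PAN in hotel storage:", hotel_storage_contains(pms, TEST_PAN))
```

A dump of `pms.folios` exposes only the token and the charge list, which is the property the scenario relies on when it says the tokens, not the cardholder data, are stored in the hotel's system.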