Of bsc. (Hons) Computing/ beng. (Hons) Software Engineering / bsc. (Hons) Business Computing Systems / bsc. (Hons) Data Science / beng. (Hons) Networking / beng

Page 1 of 4
BSc. (Hons) Computing BEng. (Hons) Software Engineering / BSc. (Hons) Business
Computing Systems / BSc. (Hons) Data Science / BEng. (Hons) Networking / BEng
(Hons) Computer Networking and Cloud Security / BEng (Hons) Computer Systems
Engineering and Robotics
Project Proposal Approval Form

Name in Full
Dilshan Fu Shan Kao
ESOFT Registration Nob bE158421
NIC Nob b
Course Name with
Specialization
BEng (Hons) Computer Networking and Cloud Security
Intake
February 2024
Batch No COL




Project Topic
Enhancing Cybersecurity measures fora Hotel Management System ( SANS
Holdings PVT LTD )

Brief description about your project

SANS Holdings PVT LTD is one of the fast-growing hotel chain in Sri Lanka since 2016. They are currently operating 3 hotels and 1 hostel at the moment. Which is Cao Ella, Café Bistro hotel and Restaurant, Hotel Levon and Mad Monkey Hostel. All the employees are more than 50 and the management system (ERP system and POS system) is running by the company called ‘STOREMATE’. Also it is a Sri Lankan cloud based product which is great. In an era where digitalization is transforming the hospitality industry, hotel management systems play a crucial role in ensuring efficient operations and delivering exceptional guest experiences. By optimizing operations and improving visitor experiences, the incorporation of Enterprise Resource Planning (ERP) technology into hotel management has completely transformed the hospitality sector. But moving to cloud-based ERP solutions comes with its own set of security issues, including those related to data breaches, illegal access, and compliance. The objective of this project proposal is to enhance the security stance of cloud-based ERP hotel management systems in order to protect confidential information, guarantee adherence to regulations, and efficiently address cybersecurity risks. However, just a virus guard and some minor security policies not enough for the modern day and management need some modern solutions for the modern problems. This project aims to enhance the cybersecurity measures of hotel management systems to safeguard sensitive guest information, maintain operational continuity, and protect the reputation of the establishment. Objectives

Page 2 of 4 Assess the current security posture of the cloud-based ERP hotel management system, identifying vulnerabilities, weaknesses, and compliance gaps. Develop and implement robust security protocols and controls to protect sensitive data, including guest information, financial records, and operational data. Enhance access controls and authentication mechanisms to prevent unauthorized access to the ERP system and associated cloud infrastructure. Implement encryption mechanisms to protect data both in transit and at rest within the cloud environment. Establish comprehensive monitoring and logging capabilities to detect and respond to security incidents in real-time. Provide training and awareness programs for hotel staff to promote cybersecurity hygiene and ensure adherence to security policies and procedures.

Scope of Work Conduct a thorough security assessment of the cloud-based ERP hotel management system, including infrastructure, applications, and data storage. Identify and prioritize critical assets, potential attack vectors, and compliance requirements relevant to the hospitality industry. Develop customized security policies, procedures, and guidelines tailored to the specific needs and regulatory requirements of hotel management systems. Implement technical controls, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint security solutions, to protect the cloud infrastructure and ERP applications. Deploy encryption mechanisms, such as data encryption at rest and in transit, to protect sensitive information stored within the ERP system. Establish logging and monitoring capabilities using cloud-native tools or third-party security information and event management (SIEM) solutions. Develop incident response procedures and conduct tabletop exercises to test the effectiveness of the response plan. Securing a cloud-based ERP hotel management system is critical to protecting sensitive data, maintaining operational continuity, and ensuring compliance with regulatory requirements. By implementing robust security measures and best practices, hotels can mitigate cybersecurity risks and safeguard their reputation and guest trust. This project proposal outlines a comprehensive approach to enhancing the security posture of cloud-based ERP hotel management systems, covering various aspects such as risk assessment, policy development, technical implementation, staff training, and ongoing support