Abstract
With the increase in information technology use, problems related to the security of these technologies have become significant. Businesses are required to acquire information, use information technologies, and rely on the information they collected to continue their presence. The requirement of information technology use and related security problems cannot be ignored by both individuals and businesses. One of the industries with large data pools is the tourism industry. Thus, the protection of personal or corporate information is a process that should be managed especially for businesses. In order for this management process to be successful, it is necessary for the corporations to have security policies that are supported by the senior management, possible to implement and understand, and accepted at all corporate levels. Thus, the present study aimed to explain the significance of information security, especially the security of the information in the tourism industry, which is as an important part of the service industry.
TopBackground
Before defining the concept of information, it is necessary to define the concept of data, which is a sub-concept of information. Canbek & Sağıroğlu (2006) defined data as unassociated knowns about a case, or in short, signals and/or bit streams in digital media.
Information is obtained by the analysis of the raw data by individuals. Individually stored information has no value. In order to acquire a value, information must be in interaction with information produced by others (Gürcan, 2014). Thus, valuable information should be protected.
In brief, information security includes the protection of confidentiality, integrity and accessibility of information (Doğantimur, 2009). Confidentiality means that the information is stored and accessible only by authorized individuals. Integrity is the storage of information without being corrupted, changed or deleted. Accessibility refers to easy access to information by authorized individuals (Tatar, 2015). These three conditions must be met in order to ensure information security. Violation of the confidentiality, integrity, and accessibility of stored information by unauthorized individuals (cyber security events or cyber-attacks) creates a major threat. Here, the threat is the probability of damage and requires taking measures (Bağcı, 2016).
Key Terms in this Chapter
Information: Communication or reception of knowledge or intelligence.
Data: Facts and statistics collected together for reference or analysis.
Information Security: The state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this.
ISO 27001:2005: A specification for an information security management system which is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.
Tourism: The act and process of spending time away from home in pursuit of recreation, relaxation, and pleasure, while making use of the commercial provision of services.
Knowledge: Facts, information, and skills acquired through experience or education; the theoretical or practical understanding of a subject.
Cybersecurity: Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.