Society
HOTEL LOTTE believes
in mutual growth
with society
and the creation of value for all.
HOTEL LOTTE implements information security to protect information assets and guard the privacy of customers.
Information Security Principles
HOTEL LOTTE understands that one of its responsibilities as a global leader is to form genuine relationships with customers and achieve sustainability of the services that it provides, which requires information security as a fundamental element. As such, HOTEL LOTTE maintains current information security guidelines, operates information security teams, operates a council under its chief information security officer and chief privacy officer, and trains and certifies employees in information security. These and other information security measures enable HOTEL LOTTE to safely manage customer personal information and respond to security threats
Information Security and Privacy
Information Security Planning + Updates
- Planning and implementation of information security policies
- Operation of information security teams
- Planning and financing of information security
Information Security Audits + Improvements
- Inspection of information security activities
- Site screening (office environments, IT devices, etc.) for information security
- Management of third-party handlers of personal information
Information Security Risk Assessment + Solutions
- Group information security review
- Cyber attack simulation and vulnerability analysis
- Adoption of essential security solutions
Information Security Training
- Simulated cyber attacks
- Regular staff training
- Promotion of information security awareness(posters, newsletters, etc.)
Information Security Management Organization
Response to Information Security Breaches
HOTEL LOTTE has a framework in place for instant response to information security incidents. Its information security risk management activities form the basis for its information security measures, inspection of information security measures, and implementation of improvements necessary for a continuously improving capacity of response to information security breaches.
- Prevention
- Information security risk management based on information security policy
- Real-time monitoring, analysis, and reporting of information security risk
- Identification and control of information security risk
- Preparation
- Monitoring of real-time information sharing
- Systematic response to information security risk
- Regular training in different scenarios of information security risk
- Backup and countermeasures
- Response
- Immediate information security framework-based response
- Backup system and resource activation
- Enhancing external notification
- Recovery
- Procedure-based recovery
- Analysis of causes and IT system update
- Information security framework update
Training and Activities for Information Security
HOTEL LOTTE provides employees with information security training structured around the specific responsibilities that they perform at work. Upon completion of training, employees gain improved understanding of the importance of information security and how to best achieve information security.
Information security experts undergo regular mandatory training to keep their expertise current and at its peak.
HOTEL LOTTE employees are exposed to regular information security campaigns and simulated information security incidents to sharpen their awareness and enhance the capacity to respond effectively.
HOTEL LOTTE provides employees with information security training structured around the specific responsibilities that they perform at work. Upon completion of training, employees gain improved understanding of the importance of information security and how to best achieve information security. Information security experts undergo regular mandatory training to keep their expertise current and at its peak.
Information Security Certifications
HOTEL LOTTE and its components that provide customer service online, such as LOTTE HOTEL, LOTTE DUTY FREE, and LOTTE WORLD, maintain current information certifications issued by domestic and international authorities.
- 1) ISMS-P(Personal Information & Information Security Management System) : Certification for integrity of information security and privacy measures implemented domestically
- 2) ISO27001/27701(International Organization for Standardization): Certification for integrity of information assets and resources including personal information, based on global certification standards
- 3) PCI-DSS(Payment Card Industry Data Security Standard): Global standards-based certification for payment card security
HOTEL LOTTE’s information security framework consists of administrative, technical, and physical measures to collectively achieve robust information security.
Information Security Framework
Prevention of information leakage | Prevention of information security breaches | Intelligent response to cyber attacks | Preemptive response to new information security threats |
---|---|---|---|
|
|
|
|
Prevention of information leakage
- - DRM
- - Database encryption
- - DLP (ON/OFF)
- - Database access control
Prevention of information security breaches
- - NAC
- - APT response
- - App fraud response
- - WAF(Web Application Firewall)
Intelligent response to cyber attacks
- - Anti-ransomware solutions
- - Network separation
- - Multi-tier verification
Preemptive response to new information security threats
- - Server access control
- - White vaccine
- - EDR
- - Information security control
Privacy Framework
The personal information provided by customers to HOTEL LOTTE undergoes a lifecycle of handling consisting of the stages of collection, use, sharing, and deletion. HOTEL LOTTE ’s business activities, customer information databases, and specific departments involved in the customer information lifecycle are systematically managed.