Skip Navigation

Security Policy

Word count: 975 - Reading Time: 5 min

Last Updated On 11th August 2024

At HotelCrux, we are committed to maintaining the security and confidentiality of our user’s personal and sensitive information. We have implemented several measures to ensure the security of our website and systems. In this security policy, we outline the steps we have taken to protect our website and our users’ data.

Measures Implemented

We have implemented a number of measures to enhance our cybersecurity posture and ensure compliance with relevant regulations and standards. These measures include security and regulatory frameworks such as ISO 27001, the GDPR, the NIST Cybersecurity Framework (CSF), and the SANS Critical Security Controls (CSC), as well as web security measures such as DNSsec, hashing for data integrity and security, and the addition of security headers.

Security Frameworks

Adoption of SANS Critical Security Controls (CSC)

We have adopted the SANS Critical Security Controls (CSC) as part of our security policy in order to enhance our defenses against cyber threats. The CSC provide a set of recommended actions that we follow in order to protect our systems and data from potential vulnerabilities and attacks. These controls cover a wide range of areas including asset management, incident response, and network security, and help us to ensure the confidentiality, integrity, and availability of our systems and data. By following the CSC, we can effectively manage and reduce cybersecurity risks and maintain a strong security posture.

Implementation of NIST Cybersecurity Framework (CSF)

We have implemented the NIST Cybersecurity Framework (CSF) to enhance our cybersecurity posture and protect against cyber threats. The CSF provides a set of guidelines and best practices that we follow to manage and reduce cybersecurity risks. It covers a wide range of areas including asset management, incident response, and network security. Adhering to the CSF helps us to ensure the confidentiality, integrity, and availability of our systems and data.

Adherence to ISO 27001

We have implemented policies, procedures, and controls to ensure that our systems and processes are secure and compliant with this international standard for information security management.

Implementation of GDPR guidelines

We have implemented measures to ensure compliance with the General Data Protection Regulation (GDPR) and to protect and handle our users’ data in accordance with these guidelines.

Web Security Measures

Hashing for Data Integrity and Security

To ensure the security and integrity of the code on our website, we employ hashing to protect all scripts. Hashing is a process that takes data and converts it into a unique, fixed-size value called a hash. This allows us to verify the integrity of our scripts without storing the actual data.

To encrypt our scripts, we use the SHA-256 (Secure Hash Algorithm 256-bit), a widely-used and secure hashing algorithm that makes it difficult for attackers to alter the scripts without being detected.

Implementation of robust website security measures

We have implemented several security headers in our raw header files to help protect our website and our users’ data, including:

Use of DNSsec

By implementing DNSsec, we can ensure the authenticity and integrity of our DNS records. These records contain important information that directs traffic to the correct website or server. Using DNSsec allows us to verify that the DNS records have not been tampered with or altered, helping to protect our website and the data of our users.

Additionally, DNSsec can help to prevent certain types of cyber attacks, such as DNS spoofing and cache poisoning, by using cryptographic signatures to verify the authenticity of DNS records.

Other Measures

Encrypting Messages

To ensure the confidentiality of sensitive information, we have implemented encryption. In addition to encryption, we also use secure communication methods wherever available to further protect sensitive information. This includes using secure protocols for email and messaging, as well as secure connections for accessing and transferring data.

If you have any security concerns or need to report a vulnerability, you can use the provided PGP key to communicate with us securely. Avoid encrypting the subject of your message to prevent potential issues with message processing.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBGNMc1ABCADXIN3XTabgukXxHHgYhtLZg6CGcPEN15ul5H1QCgKj/gNQrOop
EGBViFI8WFVwqfHRYHW7YFxVIo9d9BcJtGyLuz2BJrgZjfry3RpArzo+WLFDBZKu
Ai1q42L99jKUxi+L7e+51a7a6/Gbo1d/+d4cuargksWFPY5FgGqVKpdJ+Jx2oCYA
wYgNUJJOiM16Ewuu2ehZFhgJEwKmjLataxHjetL3OsS94ktBtUZHVRYWaEIo8AM+
EMD+MLyc6Ve3V84NxgKi0oYNfoUSDjidi1FwUWEIh7in4QQnk0GUIuTihLmBPaYC
GB7aXSEHpUlZ92mAEGixnwQprmndaHtjJCLpABEBAAG0K0hvdGVsY3J1eCBTZWN1
cml0eSA8c2VjdXJpdHlAaG90ZWxjcnV4LmNvbT6JAVQEEwEIAD4WIQSyeVMVpvmZ
4pKJaQbeMok7qpbregUCY0xzUAIbAwUJB4YfYAULCQgHAgYVCgkICwIEFgIDAQIe
AQIXgAAKCRDeMok7qpbrer5UB/9YWrTejyM860tKx1dhl6LRJuHSQ6ZyNjkNvq/m
Z6Lq2o6NvgfFBcxKIjVi4Kpjetme7MEkYbp+KVKpRqAYEvaTDuZGYi56KF1Y8Ctk
esqVAgGSU8qtpZcgeRmLgsVgjHd6jciYZps+4P4mRYONVMfUaDis9E8cOFiJpIrj
Y5IWpTLDzpYtLUBfAygWdQN/rjmL6IGNoMolER7cWIEpVFBiELUdriFACQmMAazp
GbnjNwmzRPF79bGh3YPpX5RrJYlse4ulVFuB+PyLJyuyH+HYT40Nxt8EgY+WcgIL
CMw1aupelCHz61GlXsK+wMfPlMYXNgTLr/2lB/Bm+02gPumVuQENBGNMc1ABCACz
DWkNHYCVgOln3DvqbPUzP4bJ1edaof9eW5g8JtbSR19+7oWGu/GiwgsUh2GTYElj
HX7tsE08bK3GfX8J5IUVlQWL0pOkiucdKZqoPBNH9eDUxclPaOn5oJlqs8JY7wmh
mOfjuqVmr4QPbVBf7cuKI4ltn+V12a0pkTd1aAIpm9XetKDysB6u/PKPWNjqdARY
TUCFA7O0LRuAlDE3auts4WTIxSYEGXcfahhgQIqlgy65pS1C+lz/suVjFb1ocKkG
JdGJtqhsWxyOO9bz3cY4Kd8qotPcKlDZZslbCPmKpv5ttNjxG1vVLEdQM40dWFac
vAHqSy4WPKQyxW4hpoVdABEBAAGJATwEGAEIACYWIQSyeVMVpvmZ4pKJaQbeMok7
qpbregUCY0xzUAIbDAUJB4YfYAAKCRDeMok7qpbreqV8B/9W4VhvEoQNThe4CGTc
XRebWGscIQR4WA6/DWv/EGfTknzZr7bXjLYQXTG1l1gmeE9i+Jj/Y4xe4tzKTA8J
mqWbxtffalIqBGEFwL2BhGlsgU7GMg5RZeBqWxvQOXgYEP9wL3+feLJdyOjUif/x
DPJhqe7Z0wqVQ8xLJV6IlWfZ9SyQTkXEDAFQAdIY+ZNevbrnbqbCbL8/vmEP/Us/
U+cuPMO5ROK8NXQePpABGoI3g4t/0myglh9Q8soggOxSFwXRWZdZkiW6I+DJALFP
wJhx4GPipBqV62qhbpVybSfC56H6Iee1j0NzVaU8crLPJocUD5oQ7UzF1mJrFArf
Q1SU
=DAb5
-----END PGP PUBLIC KEY BLOCK-----

Fingerprint: B279 5315 A6F9 99E2 9289  6906 DE32 893B AA96 EB7A

Bug Bounty Program

We value the security and integrity of our website and systems and offer a bug bounty program to reward individuals who help us identify and fix vulnerabilities in our website. View our Bug Bounty Program for more information on how you can participate.

Contact Us

If you have any questions or concerns about our security policy or the measures we have implemented, please do not hesitate to contact us.