Question

What kind of difficulties there might be when creating an information security policy? What is required of them?

Answer 1

What kind of difficulties there might be when creating an information security policy? What is required of them?

• The difficulties that are there while making the information security policy are as follows:
  • Collecting Information:
    • The collection of information is one of the major parts that plays in the security of the organization. The URL of the target must be accessible to gain information.
    • Information caught in wrong hands can turn out to be chaos for any organization. Hence, information must always be safeguarded with levels of security.
  • Risk Profiling:
    • Checking the website for each and every type of risks/threats is a very important task and must be carried on with each and every module of the organization's availability in the internet space.
    • There must be things carried out like:
      • Automated threat scanning
      • Penetration Testing
      • Black Box Testing of the source codes
      • Assigning Risk Ratings to the Security Flaws
      • Reporting to higher Authorities
  • Updating Technology:
    • In the current world scenario, it has become very important to update the technologies that are been actively used and must be balanced accordingly.
    • The use of older versions will come with a bunch of vulnerabilities and threats along with the destruction of certain aspects of the organization.
  • Application Fingerprinting:
    • In an organization, there are certain things that must be checked for the known vulnerabilities and exposures. If there, one must always keep it the priority to overcome certain threats in order to run the organization smoothly.
    • The application fingerprinting consists of different levels of assessment. Here are some of the different scopes:
      • Defining Objectives
      • Devising Strategy to overcome threats
      • Role-Based Access Control Matrix
      • Choosing Appropriate Security Tools
• Also, there can be certain management difficulties such as:
  • Preparing:
    • One must always prepare for the risks and also keep the systems checked for the vulnerabilities.
    • The best approach is to plan and make changes to the system as soon as the updates are launched to a particular system.
    • The planning must work accordingly so that the risks are being minified at the user's end.
  • Verifying & Eliciting:
    • Verifying each & every potential risk in the system and if found critical then eliciting the risk will ensure that the risks are eliminated properly.
    • The elimination of the risks is also being done on a certain level so that there are no further risks remaining in the system to check.
  • Analyzing gaps & Evaluating:
    • Analyzing for risks is the major activities that must be taken on the developing end because if a risk is analyzed in the earlier stage it is less destructive for the system.
    • Evaluating the level of the risks also become important for the users so as to make the risks less effective on the systems.

Hence, these are some of the points which can be creating difficulties when creating certain information policy and to what is being required by the organization for which the security policy is being developed.