What kinds of
difficulties might there be when creating an information security
policy? What is required of it?
- The difficulties encountered while writing an information
security policy are as follows:
- Collecting Information:
- Gathering information about the organization's assets is a major
part of its security posture: the policy can only cover systems
(for example, the organization's public websites and their URLs)
that have been identified and are reachable for assessment.
- The same information, in the wrong hands, can cause serious harm
to the organization. Hence, it must be classified and safeguarded
with levels of protection matching its sensitivity.
- Risk Profiling:
- Checking each website for every type of risk and threat is an
important task, and it must be repeated for every module of the
organization that is exposed on the internet.
- Activities that must be carried out include:
- Automated vulnerability and threat scanning
- Penetration testing
- Black-box testing of the running application, and review of its
source code where the code is available
- Assigning risk ratings to the security flaws that are found
- Reporting the results to higher authorities (management)
- Updating Technology:
- In the current threat landscape it has become very important to
keep the technologies in active use up to date, balancing the pace
of updates against the stability of the systems that run them.
- Running older versions brings a set of publicly known
vulnerabilities with it, and their exploitation can damage parts of
the organization's operations.
- Application Fingerprinting:
- Fingerprinting identifies which software, versions and components
the organization runs so that each can be checked against known
vulnerabilities and exposures. Where a match is found, remediating
it must be made a priority so that the organization keeps running
smoothly.
- Application fingerprinting feeds several levels of assessment.
Some of the different scopes are:
- Defining objectives
- Devising a strategy to overcome the identified threats
- Building a role-based access control (RBAC) matrix
- Choosing appropriate security tools
- There can also be certain management difficulties, such as:
- Preparing:
- One must always prepare for risks and keep the systems regularly
checked for vulnerabilities.
- The best approach is to plan ahead and apply changes to a system
as soon as updates are released for it.
- Planning must be arranged so that the risks are minimised at the
user's end.
- Verifying &amp; Eliciting:
- Verify each potential risk in the system; where a risk is found to
be critical, elicit its full details so that it can be eliminated or
properly mitigated.
- Risk treatment is carried out to a defined level of acceptance,
so that no unaddressed risk remains in the system to be checked.
- Analyzing gaps &amp; Evaluating:
- Analysing for risks is a major activity on the development side,
because a risk identified at an early stage is far less damaging to
the system than one discovered after deployment.
- Evaluating the severity of each risk is also important so that
its impact on the systems and their users can be reduced.
Hence, these are some of the points that can create difficulties
when creating an information security policy, together with what is
required of it by the organization for which the policy is being
developed.