Question

In: Computer Science

What kind of difficulties there might be when creating an information security policy? What is required of them?

What kind of difficulties there might be when creating an information security policy? What is required of them?


Solutions

Expert Solution

What kind of difficulties there might be when creating an information security policy? What is required of them?

  • The difficulties that are there while making the information security policy are as follows:
    • Collecting Information:
      • The collection of information is one of the major parts that plays in the security of the organization. The URL of the target must be accessible to gain information.
      • Information caught in wrong hands can turn out to be chaos for any organization. Hence, information must always be safeguarded with levels of security.
    • Risk Profiling:
      • Checking the website for each and every type of risks/threats is a very important task and must be carried on with each and every module of the organization's availability in the internet space.
      • There must be things carried out like:
        • Automated threat scanning
        • Penetration Testing
        • Black Box Testing of the source codes
        • Assigning Risk Ratings to the Security Flaws
        • Reporting to higher Authorities
    • Updating Technology:
      • In the current world scenario, it has become very important to update the technologies that are been actively used and must be balanced accordingly.
      • The use of older versions will come with a bunch of vulnerabilities and threats along with the destruction of certain aspects of the organization.
    • Application Fingerprinting:
      • In an organization, there are certain things that must be checked for the known vulnerabilities and exposures. If there, one must always keep it the priority to overcome certain threats in order to run the organization smoothly.
      • The application fingerprinting consists of different levels of assessment. Here are some of the different scopes:
        • Defining Objectives
        • Devising Strategy to overcome threats
        • Role-Based Access Control Matrix
        • Choosing Appropriate Security Tools
  • Also, there can be certain management difficulties such as:
    • Preparing:
      • One must always prepare for the risks and also keep the systems checked for the vulnerabilities.
      • The best approach is to plan and make changes to the system as soon as the updates are launched to a particular system.
      • The planning must work accordingly so that the risks are being minified at the user's end.
    • Verifying & Eliciting:
      • Verifying each & every potential risk in the system and if found critical then eliciting the risk will ensure that the risks are eliminated properly.
      • The elimination of the risks is also being done on a certain level so that there are no further risks remaining in the system to check.
    • Analyzing gaps & Evaluating:
      • Analyzing for risks is the major activities that must be taken on the developing end because if a risk is analyzed in the earlier stage it is less destructive for the system.
      • Evaluating the level of the risks also become important for the users so as to make the risks less effective on the systems.

Hence, these are some of the points which can be creating difficulties when creating certain information policy and to what is being required by the organization for which the security policy is being developed.


Related Solutions

1. What specific information is required when creating a new product that is not required when...
1. What specific information is required when creating a new product that is not required when creating a new service? 2. How do you view a previously entered credit card charge in QBO?
What difficulties might you anticipate when using the rational problem-solving process?  Why? What additional difficulties might arise...
What difficulties might you anticipate when using the rational problem-solving process?  Why? What additional difficulties might arise because of personal attributes? Which of these have you experienced? Explain. What were the consequences? How can these difficulties be avoided?
A chief information security officer is creating a security committee involving multiple business units of a...
A chief information security officer is creating a security committee involving multiple business units of a corporation. Which of the following is the best justification to ensure collaboration across business units? A risk to business unit is a risk avoided by all business units, and liberal BYOD policies create new unexpected avenues for attackers to exploit Enterprises single point of coordination is required to ensure cyber-security issues are addressed in protected, compartmentalize groups without business unit collaboration, introduced by one...
What provisions should be included in a model privacy and security policy that patients might use...
What provisions should be included in a model privacy and security policy that patients might use in making decisions related to their privacy and the security of their PHRs?
What factors might be considered when creating a tax that is considered fair by most people...
What factors might be considered when creating a tax that is considered fair by most people in a society? (LO3.1) What are the ethical implications of not paying your fair share of taxes? (LO3.1) What are some advantages of electronic filing? (LO3.3)
What kind of policies (under Fiscal policy) might you suggest to the government? Mention three. Consider...
What kind of policies (under Fiscal policy) might you suggest to the government? Mention three. Consider the economic principle held by Classical economists: The economy always returns to its potential in the long run. What are Keynes’s criticisms of this economic principle? 300-400 word response please! thanks!
1. Is it a security policy? 2. What type of security policy is described?
1. Is it a security policy? The textbook defines a security policy as, "... an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization". Is your selected document a security policy per this definition? If not then describe its purpose. Note that some items on this list may not really be security policies per this definition.2. What type of security policy is described? Assuming the document is...
1. Discuss the difficulties in defending systems when there are delays in security updating products? 2....
1. Discuss the difficulties in defending systems when there are delays in security updating products? 2. Discuss the difficulties in defending against the availability and simplicity of attack tools.
-What kind of financial information is a publically traded company required to provide to its stockholders?...
-What kind of financial information is a publically traded company required to provide to its stockholders? Which financial statement do you think provides the best information for investors? -Differentiate (compare) among the information that is provided in each of the following financial statements: (1) balance sheet, (2) income statement, and (3) statement of cash flows. -Discuss some of the limitations associated with performing ratio (financial statement) analysis. What is the most important ingredient (input) in completing ratio analysis? Explain why....
1. Give examples of security measures that might be used to control information security, personnel security,...
1. Give examples of security measures that might be used to control information security, personnel security, and health hazard security issues. 2. Should the federal and state governments enact tougher laws or regs to deal with security violators? If so, what are your recommendations?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT