Enjoy Sharing Technology!

Software, Development, DevOps, Security, Troubleshooting

Monday, November 7, 2022

Establishing a strong information security policy

 Companies should take a number of factors into account when developing an information security policy. So how can businesses make sure they have a solid policy in place that suits their needs?

In the field of cyber security, the adage "cyber-attacks are a matter of when, not if" is frequently used. Companies have begun to develop their risk management strategies in accordance with this during the past several years.

Although organizations can't always stop cyberattacks, they can try to minimize the harm when one occurs. Establishing a robust information security policy to safeguard the company is one approach to achieve this. There are many advantages to doing this, including limiting risk and lowering expenses while adhering to regulatory standards.

According to Jason Manar, CISO of Kaseya, a solid information security policy reduces a company's risk and exposure. "A single infiltration can prove disastrous for a business, and a solid policy helps limit both financial and reputational harm," he says.

According to Sam Peters, chief product officer of ISMS.online, developing a good information security strategy establishes the culture, values, and expectations for an organization. According to him, it is also a crucial instrument for ensuring a strong security posture and achieving compliance with industry regulations. A successful information security policy "clearly outlines what the organization wants, what's forbidden, and who is responsible," which "provides clarity and eliminates inconsistent behaviors at all levels of the business."

Rather than trying to fit everything into one massive policy, it is preferable to have a variety of smaller, more manageable policies.

What to avoid with an information security policy

When creating an information security policy, there are frequent traps to avoid. According to Steven Furnell, an IEEE senior member and professor of cyber security at the University of Nottingham, many businesses construct overly complex policies that are challenging to grasp, yet most of the time, less is more. Instead of attempting to combine everything into a single "mega-policy," it is preferable to have a variety of smaller and easier to understand policies, he says.

He argues that the information security policy might serve as the "high level" document, alongside a variety of more detailed security policies for various issues. Policies on the use of mobile devices or on working from home could be examples of this. Staff members can read these policies according to their needs or regular activities.

Stay away from technical jargon

It's critical to be explicit while drafting the security policy. According to Peters, businesses should refrain from utilizing legalese and technical language.

According to Peters, regulations that are complicated or ambiguous frequently foster the attitude that "security is too hard to achieve correctly." "The policies are therefore viewed as a roadblock to doing business, increasing your risk level if personnel try to go past them," he says.

Will Dixon, worldwide head of the academy and community at ISTARI, says that what undermines most weak policies is the lack of a distinct business goal. "When an information policy's intended business outcome is unclear, individuals will avoid it."

Instead, your information security policy needs to have a goal that everyone in the company can understand.

According to Dixon, "it can be created to stop information security breaches, safeguard the organization's brand, or adhere to legal requirements."

It's also crucial to remember that a solid information security policy needs to be updated frequently. Manar claims that weak policies make the error of adopting a "set it and forget it" attitude. "In order to make sure a policy is serving its intended purpose, it must be regularly evaluated and audited. If not, the policy is unsuccessful."

Creating a policy for information security

According to Peters, one of the best places to start when creating an information security policy is by evaluating the organization's risk landscape. That holds whether you want to start from scratch with an information security policy or just check whether the one you already have is enough, he says.

According to Peters, businesses should begin by identifying their internal weaknesses, problem areas, and external supply chain exposure, taking into account hazards ranging from a data breach to the likelihood of a complete system outage.

In doing so, organizations can take into account the typical cyber security risks that all companies face as well as the sector in which they work. After that, Peters suggests, "you can consider how any detected risks will affect the confidentiality, integrity, and accessibility of your data and systems."

Utilizing guidelines like the ISO/IEC 27001 standards for information security management systems makes sense. According to Peters, doing so "helps guarantee that you're addressing all pertinent elements required for an effective information security policy."

Information security managers have a number of tools at their disposal to create new policies or improve the ones they already have, according to Dixon. He uses the SANS Institute as an example, which provides free compliance frameworks with reference papers for information security needs.

When establishing the policy, Manar advises asking a few questions:

What do you want the policy to do?

Who is it for?

What are the objectives you hope to accomplish?

“You need to account for things such as authority, access control and network security policies, data classification and protection, data backup, and how you move and secure data,” says Dixon.


The policy should also specify the frequency of security awareness training and the usage of encryption techniques. Meanwhile, Manar asserts that duties and responsibilities must be "clearly specified for personnel".

The rules you establish must also be followed, according to Brian Ventura, a trained teacher at the SANS Institute. "The organization must develop strategies and programs to implement the policy and identify any gaps in its application."

Keep in mind that buy-in is essential as well. According to Furnell, IT should ideally collaborate with the company to make sure the security policy accurately conveys what it wants to express. "The organization needs to support the policy, advertise it, and give people the assistance they need to comprehend and follow it right now."

Peters agrees that an organization's information security policy is best developed through collaboration. To guarantee that any policy delivers clarity of demand, consistency of behavior, and meets all regulatory compliance standards, buy-in from all major business departments is crucial.

Monday, May 16, 2022

How to Install Python 3 on CentOS 8

 


Unlike other Linux distributions, CentOS 8 does not come with a version of Python installed. Currently Python 3.9 is the latest major version of Python. This guide shows two options for installing Python 3 on CentOS 8:

How to Install Python 3.9

You need to build Python 3.9 from source to install it on CentOS 8.

  1. Download the dependencies to build the package:

     sudo dnf groupinstall 'development tools'
     sudo dnf install wget openssl-devel bzip2-devel libffi-devel
    
  2. Download Python version 3.9:

     # A download does not need root; run it as your regular user
     curl -O https://www.python.org/ftp/python/3.9.1/Python-3.9.1.tgz
    
  3. Extract the Python package:

     tar -xvf Python-3.9.1.tgz
    
  4. Change into the Python directory:

    cd Python-3.9.1
    
  5. Run the configuration script and run the build process:

     # Configure and compile as your regular user; only the install step needs root
     ./configure --enable-optimizations
     make
     sudo make install
    
    Note
    If you have an already existing Python binary installed at /usr/bin/python or /usr/bin/python3, you should run sudo make altinstall instead.
  6. After the installation is finished, you can run the command python3 -V and verify the installation:

    python3 -V
    

    The output looks like this:

    Python 3.9.1
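
Steps 2 and 3 above unpack whatever the download returned, and step 5 then installs it as root. The following is an added example, not part of the original guide: it refuses to unpack a tarball unless its SHA-256 matches a digest you obtained from a trusted channel and no archive member escapes the target directory. The function names and the EXPECTED_SHA256 placeholder are assumptions; the guide itself gives no digest.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# The expected SHA-256 is supplied by you from a trusted channel.

# Print the SHA-256 of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Read archive member names on stdin; succeed only if none is absolute
# and none contains a ".." path component.
paths_are_safe() {
    awk 'BEGIN { bad = 0 }
         /^\// { bad = 1 }
         /(^|\/)\.\.(\/|$)/ { bad = 1 }
         END { exit bad }'
}

members_are_safe() {
    tar -tf "$1" | paths_are_safe
}

# verify_and_extract TARBALL EXPECTED_SHA256 DESTDIR
# Fails closed: nothing is unpacked unless both checks pass.
verify_and_extract() {
    tarball=$1; expected=$2; dest=$3
    [ -f "$tarball" ] || { echo "missing: $tarball" >&2; return 2; }
    actual=$(sha256_of "$tarball") || return 2
    # Published digests vary in letter case, so normalise before comparing.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: expected $expected, got $actual" >&2
        return 1
    fi
    members_are_safe "$tarball" || { echo "unsafe member path" >&2; return 3; }
    # --no-same-owner: files belong to the invoking user, even under root.
    mkdir -p "$dest" && tar -xf "$tarball" -C "$dest" --no-same-owner
}

# Usage with the tarball from step 2 (EXPECTED_SHA256 is a placeholder):
#   verify_and_extract Python-3.9.1.tgz "$EXPECTED_SHA256" .
```

A non-zero return means the tarball should be discarded and downloaded again rather than built.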

How to Install Python 3.6

If you do not need the latest version of Python, you can install Python 3.6 using the CentOS repository. This version is included in the CentOS repository by default. While this method is easier than building from source, it does not give you the latest version. Install version 3.6 by running the following command:

sudo dnf install python3

If you haven’t installed any other version of Python, you can verify this installation by typing:

python3 -V

And the shell returns:

Python 3.6.8

Additional Information

Installing multiple versions of Python 3 is not recommended. It’s best to manage multiple versions with tools like pyenv or anaconda.

If you installed Python 3.9 by compiling from source, the installed binary is located at /usr/local/bin/python3. If you installed Python 3.6 from the CentOS package repository, the installed binary is located at /usr/bin/python3.

How to Install Python 2

You may require Python 2 as a dependency for older code or software. If this is the case, you can install it with the following command:

sudo dnf install python2

Run python2 -V to check the version:

python2 -V

The output looks like the following:

Python 2.7.17

It’s important to remember that Python 2 is no longer supported by the Python foundation. Therefore, there are no new updates or fixes. Applications are making the switch to Python 3, and distributions like Ubuntu 20.04 and CentOS 8 are no longer shipping with Python 2 by default.



Tuesday, March 22, 2022

Use RVM to install Ruby 2.7

 

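# Import the RVM maintainers' signing keys
curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -

curl -sSL https://rvm.io/pkuczynski.asc | gpg2 --import -

# Alternative: fetch the same keys from a keyserver by fingerprint
# (the sks-keyservers.net pool has been retired)
gpg2 --keyserver hkp://keyserver.ubuntu.com --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB

# Install the stable RVM release and load it into the current shell
curl -sSL https://get.rvm.io | bash -s stable

source /etc/profile.d/rvm.sh

rvm list known

# Install the version that is made the default below
rvm install 2.7

rvm -v

rvm use 2.7 --default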
