Find hidden files with Show Hidden Files


Password policy and audit

Strong passwords are the cornerstone of an organization’s information security. A comprehensive password policy, understood and implemented by every employee, significantly raises the level of data protection. To make sure the policy actually works, password audits should be performed on a periodic basis.

Sane password policy

Passwords are an important aspect of computer security: they are the front line of protection for user accounts. A sane password policy provides for a multi-level approach to passwords. For example, the UCSF Office of Research (http://www.research.ucsf.edu/IT/ITpoliciesPp.asp) divides the passwords within an organization into system-level, production system-level and user-level passwords, and employees hold and use only the passwords of their own level.


Strong passwords should be at least eight characters long and mix upper and lower case letters, digits and punctuation. A password should not be a word in any language, slang, dialect or jargon, and should not be based on personal information such as family names. Passwords should never be written down or stored in clear text. Ideal passwords are hard to guess yet easy to remember. One way to create such a password is to start from a song title, affirmation or other phrase. For example, from the phrase "This May Be One Way To Remember" the password could be "TmB1w2R!" or "Tmb1W>r~".

Each account within an organization’s network should have a different password. Passwords are not to be shared with anyone; they are sensitive, confidential information that belongs to the organization. Passwords should not be sent in an email message or revealed to co-workers (even while on vacation) or family members. Employees sometimes leave hints at the format of a password (e.g., "my family name"), which makes it easy to guess. The Remember Password feature offered by a number of applications (e.g., Eudora, Outlook, Netscape Messenger) should be disabled. Employees should never write passwords down or store them in a file on any computer system (including Palm Pilots or similar devices) unless the file is encrypted. User-level passwords must be changed at least once every six months, and a four-month interval is recommended; system-level passwords should be changed quarterly.

A password policy should also set technology requirements. Applications and network accounts should authenticate individual users rather than user groups, and should provide some form of role management, so that one user can take over the functions of another without having to know the other's password. Applications must not store passwords in clear text or in any easily reversible form (an encoded or symmetrically encrypted password that the application itself can decode counts as reversible); only a salted, deliberately slow one-way hash should be kept.

Remote access to an organization’s network should be controlled with either one-time password authentication or a public/private key system with a strong passphrase. In a public/private key system the two keys are mathematically related: the public key may be known to all, while the private key is known only to its owner. The passphrase unlocks the private key, which the user then presents to gain access to the network. A passphrase is typically composed of several words; because it is much longer than a password it has far more possible values and is correspondingly harder to guess.

Information security audit

An organization’s IT security consultant should perform ongoing password and overall security audits of the corporate network. Securing passwords and applying all current technical updates sometimes turns out to be insufficient, so to make sure everything is locked down a thorough security audit should be performed at least once a year. The consultant approaches the corporate network with many of the same tools and techniques an attacker would use. A thorough audit attempts to penetrate the Internet firewall, tests the strength of passwords, verifies the physical security of data and backups, scans the whole network for security holes and vulnerabilities, and delivers a detailed report of the findings. The goal is a set of recommendations and cost estimates for fixing the issues found and so raising the security of the corporate network.

The security consultant should also attempt password cracking or guessing on a periodic or random basis. Password audits are an important component of the corporate security policy, because no password restriction can make a password uncrackable: given enough time, a brute-force attack will find any password. The policy must therefore ensure that the number of attempts and the time available to an attacker are limited, by locking or throttling accounts after repeated failures and by storing passwords with a slow hash so that offline guessing is expensive. A password audit scans the access controls and user accounts on the network and tries to crack or guess their passwords; any user whose password is guessed or cracked during the audit must be required to change it.
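The storage requirement from the technology-requirements paragraph and the audit just described, worked through as one added example that is not from the original article or any product it mentions: a password store that keeps only salted PBKDF2 hashes next to the "easily reversible" form the policy forbids, a dictionary attack with mutation rules run against that store the way a password audit would, and a guard that locks an account after too many online guesses. Every name, the iteration count, the mutation rules, the sample accounts and the wordlist are constructed for this example.

```python
"""Added example (not from the original article): a password store that keeps
only salted PBKDF2 hashes instead of clear text, a password audit that runs a
dictionary attack against that store the way an auditor would, and a guard
that limits online guesses. Names, parameters and sample data are constructed
for this example."""
import base64
import hashlib
import hmac
import os
import time

# KDF work factor. 10_000 keeps the demo audit fast; production deployments
# use a far higher count (hundreds of thousands) or a memory-hard KDF.
DEMO_ITERATIONS = 10_000


def hash_password(password: str, salt=None, iterations: int = DEMO_ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt$digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations, base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, iters, salt_b64, digest_b64 = record.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    base64.b64decode(salt_b64), int(iters))
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))


# The "easily reversible form" the policy forbids: base64 is an encoding, not
# encryption, so anyone who can read the record recovers the password.
def reversible_record(password: str) -> str:
    return base64.b64encode(password.encode()).decode()


def recover_from_reversible(record: str) -> str:
    return base64.b64decode(record).decode()


# ---- Password audit: dictionary attack with simple mutation rules ----
def mutations(word: str):
    """Candidate guesses an auditor derives from one wordlist entry."""
    yield word
    yield word.capitalize()
    yield word + "1"
    yield word + "!"
    yield word.capitalize() + "123"
    yield word.replace("a", "@").replace("o", "0")


def audit(store: dict, wordlist: list) -> dict:
    """Return {account: guessed_password} for every account whose hash falls.
    Each candidate is hashed once per account because every salt differs;
    that per-guess KDF cost is what makes a slow hash worthwhile."""
    cracked = {}
    for account, record in store.items():
        for word in wordlist:
            hit = next((c for c in mutations(word) if verify_password(c, record)), None)
            if hit is not None:
                cracked[account] = hit
                break
    return cracked


# ---- Online guessing: limit the number of attempts ----
class LoginGuard:
    """Lock an account after max_failures wrong guesses for lockout_seconds."""
    def __init__(self, store, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self.store, self.max_failures, self.lockout = store, max_failures, lockout_seconds
        self.clock = clock                      # injectable so tests can advance time
        self.failures, self.locked_until = {}, {}
        self.dummy = hash_password("unused")    # hashed against for unknown accounts

    def login(self, account: str, password: str) -> str:
        now = self.clock()
        if self.locked_until.get(account, 0.0) > now:
            return "locked"
        record = self.store.get(account)
        # Always run the KDF so response time does not reveal which accounts exist.
        ok = verify_password(password, record or self.dummy) and record is not None
        if ok:
            self.failures.pop(account, None)
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            self.failures.pop(account, None)
            return "locked"
        return "denied"


# Constructed sample store: two weak passwords and the article's own example.
SAMPLE_STORE = {
    "alice": hash_password("Welcome123"),
    "bob": hash_password("dr@g0n"),
    "carol": hash_password("TmB1w2R!"),
}
SAMPLE_WORDLIST = ["password", "summer", "welcome", "dragon"]

if __name__ == "__main__":
    print("reversible record leaks:", recover_from_reversible(reversible_record("hunter2")))
    print("audit should force resets for:", audit(SAMPLE_STORE, SAMPLE_WORDLIST))
```

Run stand-alone, the audit reports alice and bob, whose passwords are a wordlist entry plus a common mutation, while carol's phrase-derived password survives; those two accounts are the ones the policy says must be forced to change. The guard demonstrates the "limited number of attempts" side: an attacker who cannot take the hashes offline gets max_failures guesses per lockout period, which turns the brute-force time into years rather than minutes.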

Corporate data protection

Password policy and audits are a necessary component of an organization’s overall information security strategy. Implemented correctly, a password policy protects sensitive information against the many attacks that begin with a guessed, reused or leaked credential.
