Tuesday, October 30, 2007

How We Operate

Here is an excellent run-down on setting up secure passwords from fellow CISSP and IT security blogger Joel Dubin:

At the heart of compliance is access management and authentication. And at the heart of authentication are user IDs and passwords. Despite their many weaknesses and the availability of multifactor authentication technologies, the venerable user ID and password combo remains the centerpiece of access to many corporate systems.
Rather than tearing up network plumbing for new-fangled devices, like one-time password (OTP) tokens and smart cards, many companies have opted to strengthen their existing password systems to keep compliant with audit and compliance regulations and standards, including Sarbanes-Oxley, HIPAA, FFIEC and PCI DSS.

It doesn't have to be a big deal, and you don't have to spend a ton of money. Just spend a little time in training and reminding users of how it is done.

1 comment:

Mike said...

Very recently I came across a very interesting webcast event that is going to be held on December 11, 2007, 9 am PT/12 pm ET, on the subject “How Information Governance and Compliance Pay”.
This webcast, based on recent research conducted by the IT Policy Compliance Group, focuses on fact-based insight into how improving information governance, risk and compliance reduces costs, financial risk and the loss of sensitive data.
Your website visitors who are interested in this webcast can learn about the steps they should be taking to:
• Reduce labor costs
• Mitigate and avoid significant financial risk and loss
• Improve information governance results
• Improve regulatory compliance results
More information about this webcast is available at http://www.compliancehome.com/symantec/