| |
| |
|
Personal Technology Information |
|
|
|
Passwords and the Human Factor
Passwords have a strange dual nature. The stronger and safer the password the more likely it will be undermined by human weakness. It is widely known that passwords are the most common means of access control. It is also common knowledge that passwords are the easiest way to compromise a system. Passwords have two basic functions. First, they allow initial entry to a system. Next, after access, they grant permission to various levels of information. This access can range from public data to restricted trade secrets and pending patents. The best passwords are a lengthy and complex mix of upper and lower case letters, numbers and symbols. The tendency for people when using these formats is to write them down, store them on a hand held device, etc. thus destroying the integrity of the password. The integrity of passwords can be circumvented through "Human Engineering." People can unwittingly make grave errors of judgment in situations that they may view as harmless or even helpful. For example, a password is shared with a forgetful employee and a system can be compromised. In more ominous cases, a con artist or hacker can phone a naďve employee and present themselves as senior executives or help desk personnel and obtain that persons password. People have also been duped by callers claiming emergencies, cajoling or even threatening the employees job if a password is not provided. These human lapses can be addressed through employee training and written policies that provide solid guidance and procedures in these circumstances. Training in information security, including password protocols, should be mandatory for every employee of the enterprise. Management support of this training and the security policy is critical to its success. To be effective, training should be repetitive with quarterly reviews of the company policy. There can also be frequent reminders, such as banners, about password security that appear during logons. Management must not only support security measures, they must also provide a written and enforced policy statement. These written policies should be developed with assistance from the I.T. department as well as the human resource and legal departments. Written policies should be a part of the employee's introduction to the company and should be reviewed at least twice a year. It is also critical that the employee sign off on the document indicating that they received, read, and understood its contents. Firms that ignore these practices do so at their own risk. Enforcement is an important partner to training. A policy that is not enforced is far worse than no policy at all. In fact, haphazard enforcement or lack of enforcement can increase a company's liability in many legal actions. To work, a policy must have "teeth". There should be a range of consequences for lapses whether it is a single event or multiple or flagrant incidents. This can range from a verbal warning all the way to termination. In summary, passwords can be kept more secure by recognizing the human factor. Through management initiative, communication and training, as well as written and enforced policies and procedures, companies can have more control over their information assets and keep their clients and partners much safer. About The Author Terrence F. Doheny President, Beyond If Solutions,LLC
MORE RESOURCES:
Google News |
|
|
|
RELATED ARTICLES
SmartCar Memory Stick for LapTop Transfer Data With the new technology used to transfer information to from your digital camera to your laptop or PC using memory sticks which hold significant amounts of data it appears such technology will be perfect for net-centric cars. Where all the data is stored in a black box situation as many cars now have these features already. Why Get a Microsoft MCSE Certification? In the years of the dot com boom and bust, the Microsoft MCSE Certification has gotten its eye blackened over an over. Paper Microsoft MCSE's who were excellent at finding brain dumps and passing exams gave the Microsoft MCSE Certification a bad name. What Exactly are Screensavers? - part II Here are some tips on how to use screensavers:First of all you should be careful when you use a screensaver on a LCD. A pixel it's on when it's dark on a LCD. HTML Explained: Part 1 Want to save money while promoting your web-based business? Of course you do. Here's some advice on the matter, from a freelance copywriter who knows: it pays to learn the basics of HTML. Computer Performance Tips IntroductionIn this article I will clearly spell out the most effective steps you can take in order to increase the performance of your computer and enhance your computing experience.More Memory (RAM)If your computer has less then 256 MB of memory you may want to consider adding more. Password Nightmares Good Morning Mr. Sampson. How To Search Your PC With Google Desktop In this era of Internet, most people are frequent users of computers. Many of us use computers through out the day, accumulating morasses of information in various formats, which include email, digital photo, word document, spreadsheet, presentation file, ebook, article, other downloaded files, music, visited web pages, and many others. Digital Cameras + Photo Printers = Quality Instant Photographs In the 1950's and 1960's Polaroid's instant cameras were all the rage. You could shoot a picture and have the finished print in a minute or so. Temporary Fixes to Spyware, Ad-ware, and Virus Infections So you've got some spyware, ad-ware, or viruses on your system. For whatever reason, you are unable to get ahold of a virus detection & removal program, or a good ad-ware scanner. Home Video? Bring it On So you got yourself a digital camcorder. If you want to be able to edit and produce awesome home videos, you'll need some tools. Email Management If you utilize a computer at home or work it is likely that you use email. Email is an electronic message that is sent from one computer to another following a specific protocol (Simple Mail Transfer Protocol or SMTP). Gain Control Over Your Screensavers With These Simple Steps We all enjoy our favorite screensavers but in the same time we all hate to see that they sometimes disturb our movies, presentations and all the things we do and do not like to be disturbed from. Just read carefully this article and you will never have this problem again. Palm PC critique I met an entrepreneur who hole heartedly disagree with an article in Advertising Age by Bradley Johnson that Palm Pilot can keep their market share through brand name. We discussed RIMM Research in Motion and my stock in that company and I defended the wireless venue, but he went into a tirade, luckily I used a digital recorder and got most of it; basically here is his critique:"That grip has already eroded by Palm PC makers and clones. Plasma TV vs LCD TV For those seeking to buy their first flat panel TVdisplay device, it is easy to be confused with conflicting and counter claims bydifferent interest parties. So what is the truth in the competition between LCDand Plasma TV? Here's are some pointers before you rush out and buy your flatpanel TV on impulse . Virtual Memory - What is It? I recently got an e-mail asking about virtual memory. The person who sent me the question was getting an error on random occasions from their Windows operating system stating "Your computer is low on virtual memory". Review of Rio MP3 Players Below you will find some useful information and comments about a few of the most popular MP3 players by Rio, including the Nitrus, Carbon, Cali, and Forge. None of these MP3 players are perfect, but each offers a unique set of strengths and weaknesses that should be taken into consideration before you purchase any one of them. EDTV vs HDTV Confused by EDTV vs HDTV? We don't blame you. The number of acronyms floating about with regard to digital TV is frightening. 5 Steps to Remove Spyware for Free Have you ever tried to remove Spyware off your PC only tofind out it never left or it came back? Tired of all thoseannoying Popups, Viruses, and Ads on your system day in andday out? Well, listen closely because the day has come toremove Spyware programs and Viruses - forever!I will give you some very useful tricks and tips to removeSpyware and Viruses for good! Follow closely:Steps to Remove Spyware, Viruses, and Adware1. There are many types of software available today thatclaim to remove spyware off our system, but which one REALLYdoes the job? What you need is software that not only willremove spyware, but TOTALLY removes it for good and keeps itoff. Are You Well Protected? Winter?the official start of the cold and flu season. Though, technically speaking, things got started a little early. How To Speed Up Your Aging PC And Make It Healthier Too With a little tweaking and with proper tools, you can get a faster, healthier PC, virtually immune to spyware infections and browser hijackers. How is this possible? Find out about the latest tools and how they work.
|
| home | site map |
| © 2006 |
