Example 1: XYZ Inc. Company-Wide Employee Password Strategy
•All users must have a password.
•Passwords must be changed every six months.
•A password must have a minimum of six characters.
•A password must have a maximum of 12 characters.
•A password must contain letters, numbers, and special characters other than $.
•Create a password. The UserID should be an EmployeeID already generated by HR.
•Send a request to create the account to the Information Technology (IT) department.
•User receives a temporary password.
•Users must change their temporary password the first time they log in.
Example 2: Security Policy and Standards
Password Policy: Passwords are an important part of computer security at your organization. They often serve as the first line of defense in preventing unauthorized access to the organization’s computers and data.
In order to define the password policy, it is important to identify the standards.
1. Multi-factor authentication
2. Password strength standard
3. Password security standards; how to keep the password secure
Tips and Points to Consider When Identifying Risks or Security Vulnerabilities
•Flaws in operating systems due to constant attack by malware
•Denial of services attacks
•Employees data theft
•User set a weak password or password that is easy to guess, such as a birthday or child’s name.
•User leaves sensitive data on an unlocked, unattended computer
•Organization allows sensitive data on a laptop that leaves the building
•Data can be accessed remotely without using proper security
Network Security Associates of Atlantis, Inc. 123 Watery Lane
Atlantis, USVI 91199
From: IT Security Dept. Re: Security Policy
Section 1: General Policies and Motivation
Section 2: Passwords
Section 3: Biometrics
Section 4: Tokens
Section 5: Physical Security
Section 6: Email Policies
Section 7: Breach Reporting Responsibilities
Section 8: Mobile Policy and BYOD (Bring Your Own Device)