Best practice on password management
This morning I read a good essay named "Security Myths and Passwords" by Prof. Eugene Spafford. Prof. Spafford explains his doubts about widely accepted best practices in password management policy, such as "monthly change", by tracing the interesting origin of this "best practice".
The defects and even outright failures of most enterprise security defense systems can be traced back to problems in "security execution", i.e. the discrepancy between the written policy and the real environment. The security manager simply copies these best practices into the "policy" without considering the staff, their skills, the data to protect, or the threats to contain or mitigate…
This entry was posted on Saturday, April 29th, 2006 at 10:02 am and is filed under Audit, BS7799, CoBIT, Comments, IAM, Security, SOX.