31st January 2011
I visit quite a number of businesses each year and those seeking certification to ISO27001, the information security management standard, are rising in numbers.
The first step in any 27001 assignment involves a gap audit to see how near (or far) the company is from meeting this standard. Usually it transpires that some significant work is required to meet this exacting standard.
To put the standard into perspective: if ISO9001, the quality management standard, equated to a molehill, then 27001 would equate to Everest. I hope I haven’t put you off!!
One of the sections within 27001 deals with access control and the part I want to cover is the control and use of passwords. Here are some rules for passwords:
I see breaches of these rules on a regular basis including:
Most systems can be hacked in a relatively short time, so I recommend that a computer should lock if more than a set number of incorrect passwords are entered. Make it harder and more time-consuming for the hacker.
Let us make 2011 a more secure year for our computer systems. Remember, the data on your system is valuable and can cause a great deal of distress, if not financial loss, if it is stolen by others.