Password Management Strategies for Safe Systems: Offense and Defense

BY JAMES F. LEON

Editor's note: This is a Web-exclusive exhibit for "Password Management Strategies for Safer Systems."

Primary Security Risks Effective Countermeasures
Failing to enhance password security in order to focus on searching for a “perfect” security system and obtaining more funding.
  • Immediately improve password security procedures.
Implementing new system security procedures or a new security system without adequate planning and full knowledge of current system’s capabilities.
  • Learn how current system stores and protects passwords.
  • Observe employees' password-related practices (for example, check for notes near monitors).
  • Identify security system capabilities necessary to ensure employees' adherence to password security requirements.
  • Perform a thorough needs analysis before buying new security software.
Inconsistently enforcing safe password practices.
  • Obtain high-visibility, senior management support of safe password practices, and publicize them to all employees.
  • Enforce all safe password practices without exception.
  • Make adherence to safe password practices a condition of employment.

Also read these other Web-exclusive exhibits:
Safe Password Practices
Glossary of Key Terms

QUIZ

Personal happiness and new hires’ pay on the rise

The news of the past couple of weeks hit home with reports on personal financial satisfaction and pay for finance professionals. See how much you know about recent news reports with this quiz.

SPONSORED REPORT

Preventing and detecting fraud at not-for-profits

Organizations in all industries must deal with the potential for fraud to occur, and design controls to prevent and detect it. Environment, policies, and controls can help organizations steer clear of problems.

PROFESSIONAL LIABILITY SPOTLIGHT

The dangers of dabbling

To meet evolving marketplace needs, CPAs often look to diversify their service offerings. Firms can mitigate the risk of experiencing competency-related professional liability claims by implementing these basic steps.