Research any computer security threat or a recent attack. Select one element of the threat or attack (e.g., “Complex Passwords”). Write a security policy for your selected element. The scope of this policy should be issue specific.

QUESTION

 

Security Policy

A well-written security policy clearly defines the limits of the computing infrastructure for end users. Security policies should be simple and to the point.

  1. Research any computer security threat or a recent attack. Select one element of the threat or attack (e.g., “Complex Passwords”).
  2. Write a security policy for your selected element. The scope of this policy should be issue specific.
  3. Your policy at a minimum should include a title, purpose of the policy, scope, details of the policy, compliance, author, and review date.
  4. Your policy should be no longer than 500 words and written using an industry standard policy format.

APA style is not required, but solid academic writing is expected.

ANSWER

 Complex Passwords Security Policy

 

Purpose

The purpose of this policy is to establish guidelines and requirements for the creation and management of complex passwords within the organization. This policy aims to enhance the overall security posture by minimizing the risk of unauthorized access, data breaches, and other malicious activities that can result from weak or easily guessable passwords.

 

Scope

This policy applies to all employees, contractors, and third-party vendors who have access to the organization’s computing infrastructure, systems, applications, and data. It covers all devices, including but not limited to workstations, laptops, mobile devices, servers, and network equipment.

 

Policy Details

Password Complexity

    All passwords must meet the following complexity requirements:

      – Minimum password length of eight (8) characters (Sahin, 2015).

      – Combination of uppercase and lowercase letters.

      – Inclusion of numeric digits (0-9) and special characters (@, #, $, etc.).

      – Avoidance of common words, sequential characters, or easily guessable patterns.

    Passwords should be unique and not reused across different systems or accounts.

    Passwords should not be written down or shared with others. Passwords should be treated as confidential information.

 

Password Management

    Passwords must be changed at least every ninety (90) days.

    Employees should not use personal information (e.g., names, birthdates) or easily discoverable information (e.g., employee ID) in their passwords.

    Multifactor authentication (MFA) should be enabled where available to provide an additional layer of security.

 

Account Lockouts

    After a specified number of unsuccessful login attempts (e.g., three), the account should be temporarily locked.

    Account lockouts should be accompanied by appropriate notifications to the user and the IT department (Liu et al., 2019).

 

Compliance

All employees, contractors, and third-party vendors are responsible for complying with this policy. Failure to comply may result in disciplinary action, including but not limited to access restrictions, suspension, or termination of employment or contract.

 

Author

This policy has been authored by the IT Security Department in collaboration with the organization’s management and legal team (Syed et al., 2011).

 

Review Date

This policy will be reviewed annually or as deemed necessary by the IT Security Department to ensure its relevance and effectiveness.

 

Conclusion

The Complex Passwords Security Policy establishes guidelines for creating and managing strong passwords, reducing the risk of unauthorized access and data breaches. By adhering to these guidelines, we aim to safeguard our organization’s sensitive information and maintain a robust security posture. It is the responsibility of all employees, contractors, and third-party vendors to familiarize themselves with this policy and ensure compliance to protect our computing infrastructure and valuable assets.

References

Liu, Y., Squires, M., Taylor, C. R., Walls, R. J., & Shue, C. A. (2019). Account Lockouts: Characterizing and Preventing Account Denial-of-Service Attacks. In Lecture Notes in Computer Science. Springer Science+Business Media. https://doi.org/10.1007/978-3-030-37231-6_2 

Sahin, C. S. (2015, December 17). General Framework for Evaluating Password Complexity and Strength. arXiv.org. https://arxiv.org/abs/1512.05814 

Syed, Z., Banerjee, S., Cheng, Q., & Cukic, B. (2011, November). Effects of user habituation in keystroke dynamics on password security policy. In 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering (pp. 352-359). IEEE. https://ieeexplore.ieee.org/abstract/document/6113919/

 
