Research any computer security threat or a recent attack. Select one element of the threat or attack (e.g., “Complex Passwords”). Write a security policy for your selected element. The scope of this policy should be issue specific.
QUESTION
Security Policy
A well-written security policy will clearly define the limits of computing infrastructure to the end users. Security policies should be simple and to the point.
- Research any computer security threat or a recent attack. Select one element of the threat or attack (e.g., “Complex Passwords”).
- Write a security policy for your selected element. The scope of this policy should be issue specific.
- Your policy at a minimum should include a title, purpose of the policy, scope, details of the policy, compliance, author, and review date.
- Your policy should be no longer than 500 words and written using an industry standard policy format.
APA style is not required, but solid academic writing is expected.
ANSWER
Complex Passwords Security Policy
Purpose
The purpose of this policy is to establish guidelines and requirements for the creation and management of complex passwords within the organization. This policy aims to enhance the overall security posture by minimizing the risk of unauthorized access, data breaches, and other malicious activities that can result from weak or easily guessable passwords.
Scope
This policy applies to all employees, contractors, and third-party vendors who have access to the organization’s computing infrastructure, systems, applications, and data. It covers all devices, including but not limited to workstations, laptops, mobile devices, servers, and network equipment.
Policy Details
Password Complexity
All passwords must meet the following complexity requirements:
– Minimum password length of eight (8) characters (Sahin, 2015).
– Combination of uppercase and lowercase letters.
– Inclusion of numeric digits (0-9) and special characters (@, #, $, etc.).
– Avoidance of common words, sequential characters, or easily guessable patterns.
Passwords should be unique and not reused across different systems or accounts.
Passwords should not be written down or shared with others. Passwords should be treated as confidential information.
Password Management
Passwords must be changed at least every ninety (90) days.
Employees should not use personal information (e.g., names, birthdates) or easily discoverable information (e.g., employee ID) in their passwords.
Multifactor authentication (MFA) should be enabled where available to provide an additional layer of security.
Account Lockouts
After a specified number of unsuccessful login attempts (e.g., three), the account should be temporarily locked.
Account lockouts should be accompanied by appropriate notifications to the user and the IT department (Liu et al., 2019).
Compliance
All employees, contractors, and third-party vendors are responsible for complying with this policy. Failure to comply may result in disciplinary action, including but not limited to access restrictions, suspension, or termination of employment or contract.
Author
This policy has been authored by the IT Security Department in collaboration with the organization’s management and legal team (Syed et al., 2011).
Review Date
This policy will be reviewed annually or as deemed necessary by the IT Security Department to ensure its relevance and effectiveness.
Conclusion
The Complex Passwords Security Policy establishes guidelines for creating and managing strong passwords, reducing the risk of unauthorized access and data breaches. By adhering to these guidelines, we aim to safeguard our organization’s sensitive information and maintain a robust security posture. It is the responsibility of all employees, contractors, and third-party vendors to familiarize themselves with this policy and ensure compliance to protect our computing infrastructure and valuable assets.
References
Liu, Y., Squires, M., Taylor, C. R., Walls, R. J., & Shue, C. A. (2019). Account Lockouts: Characterizing and Preventing Account Denial-of-Service Attacks. In Lecture Notes in Computer Science. Springer Science+Business Media. https://doi.org/10.1007/978-3-030-37231-6_2
Sahin, C. S. (2015, December 17). General Framework for Evaluating Password Complexity and Strength. arXiv.org. https://arxiv.org/abs/1512.05814
Syed, Z., Banerjee, S., Cheng, Q., & Cukic, B. (2011, November). Effects of user habituation in keystroke dynamics on password security policy. In 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering (pp. 352-359). IEEE. https://ieeexplore.ieee.org/abstract/document/6113919/