Security Policy – Research Paper

`

PASSWORD POLICIES
Security Policy – Research Paper
MADDULA SAIMOHAN Student number: 3699961 Email: sm488@uow.edu.au

2010

MADDULA SAIMOHAN, STUDENT NUMBER 3699961

Abstract:
We’re secure! We use passwords!” How many of us have heard this claim? Or even – “We’re secure! We have a password policy!” Use a password or to calculate the world today, the password policy is not enough. To set a password in most cases the first line of defence, and much more. “A recent survey by Rainbow Technologies Inc. indicates that the use of insecure passwords can be costly -- and potentially risky -- for corporate data.”[Rosencrance] This paper focuses on the use of passwords and password policy good aspects and bad aspects, set of defined passwords according to password polices scenario that arise

Keywords:

Passwords, system security, threat assessment, company policy, university policy

Table of Contents Abstract: ..................................................................................................................... 2 Keywords: .................................................................................................................. 2 Introduction: ............................................................................................................... 3 Password policy good aspects: .................................................................................. 3 Password policy bad aspects: .................................................................................... 4 Key recommendation: ................................................................................................ 6 Conclusion: ................................................................................................................ 6 References: ................................................................................................................ 7

2

MADDULA SAIMOHAN, STUDENT NUMBER 3699961

Introduction:
In today 's

References: 1. Armstrong, I. (2003). “Passwords exposed users are the weakest link”. Scmagazine. June 2003. Accessed as on 21 August http://www.scmagazine.com/scmagazine/2003_06/cover/index.html 2. 3. Bishop, M. (2003). Computer Security. Art and Science. Addison Wesley. David C. Feldmeier and Philip R. Karn Accessed as on 10 September 2010 http://www.springerlink.com/content/ljy0753m9gwwkd6d/ 4. 5. Fisher, D. (2003). “Worms Prove Passwords Do Matter”. eWeek. March 11, 2003. Hitachi ID Systems Inc. (2009). Password Management Best Practices. Accessed as on 10 September 2010 http://www.psynch.com/docs/password-management-best-practices.pdf 6. Information Systems Audit and Control Association (ISACA) (2009). Certified Information Accessed as on 10 September 2010 7. 8. 9. Systems Auditor (CISA) Review Manual 2009. ISACA: Rolling Meadows, IL. Rosencrance, L. (2003). “Survey: Insecure passwords can be costly for companies,” Computer World. McDowell, M, Rafail, J, and Hernan J. (2004).Choosing and Protecting Passwords. Carnegie Mellon University. Accessed as on 10 September 2010 http://cns.esf.edu/Sec_Rec/PW_rec1.htm 10. Wagner, R. (2003). “Windows Password Weaknesses Could Threaten Your Enterprise,” Gartner First Take. Accessed as on 10 September 2010 http://www.gartner.com/resources/116500/116510/116510.pdf 7