Welcome to the third edition of the ISO17799 newsletter, designed to keep you abreast of news and developments with respect to 17799 and information security.
The information contained in this newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.
Guidance and information included in this months issue:
SIMPLE PASSWORD RULES
Choosing a secure password is an important element of effective information security within an organization, but good password management is of equal importance... this is another straight forward issue that is too often overlooked.
The following guidelines will enable you to protect your own passwords and maintain its confidentiality.
- Never give your password to anyone, even if that person claims to have authorization. (In the latter case, report such requests to your Information Security Officer immediately.)
- If you believe your password may have been compromised, change it immediately
- Never write down your password
- When receiving technical assistance, do not divulge or expose your password to the IT specialist, but stay with your computer and enter the password yourself when required. (If this is not possible, your Systems Administrator should have permission to log on your behalf.)
- Never store it on a computer file
- Change your password regularly. (Your system should prompt a change on, say, a monthly basis.)
Obvious? Maybe - but is surprising how many security breaches stem from employees and others NOT following these simple steps.