Search in ISMS Guides


Monday, July 30, 2007


Choosing a secure password is an important element of effective information security within an organization, but good password management is of equal importance... this is another straight forward issue that is too often overlooked.

The following guidelines will enable you to protect your own passwords and maintain its confidentiality.

  • Never give your password to anyone, even if that person claims to have authorization. (In the latter case, report such requests to your Information Security Officer immediately.)
  • If you believe your password may have been compromised, change it immediately
  • Never write down your password
  • When receiving technical assistance, do not divulge or expose your password to the IT specialist, but stay with your computer and enter the password yourself when required. (If this is not possible, your Systems Administrator should have permission to log on your behalf.)
  • Never store it on a computer file
  • Change your password regularly. (Your system should prompt a change on, say, a monthly basis.)

Obvious? Maybe - but is surprising how many security breaches stem from employees and others NOT following these simple steps.

No comments: