Users must know that they are responsible for their credentials.

Adam Miller ISO 27001:2013 September 15, 2018January 23, 2019 1 Minute

Just a short blog today. Having a strong password policy is great but useless if your staff arnt aware of their role in protecting their credentials!

Security category – 9.3. User responsibilities

9.3.1. Use of secret authentication information

As discussed with Control – 9.2.4 all staff should be made aware that they are responsible for their account, credentials and the use, or misuse, of the same. Staff should not share their passwords, have them stored in an insecure form (post-its!), reuse the same password where SSO isn’t in use and should adhere to the organizations password guidelines (min length, use of passphrases etc).

Published by Adam Miller

View all posts by Adam Miller

Published September 15, 2018January 23, 2019

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Security category – 9.3. User responsibilities

9.3.1. Use of secret authentication information

Share this:

Like this:

Related

Published by Adam Miller

Leave a Reply Cancel reply