Welcome to the Palo Alto Networks Cyber Security Academy, Secure Business Systems Administration, Acceptable Use and Password Policies presentation.
Acceptable use policies are critically important and need to be fully communicated, understood and accepted.
They should clearly state end user actions that are both allowed and disallowed.
Acceptable use policies should be crafted and endorsed by stakeholders from both technology and business groups, approved through legal and HR departments.
AUPs, however, can be confusing and sometimes not even well enforced. Different user groups may have different AUP conditions.
For example, a laptop user who travels may need some local administrator rights in order to configure their devices for changing network services, whereas a laptop user who always works at the business site may not have that ability.
So similar issues can occur for different teams who also have different application-level requirements.
So to be effective, end users need to be well trained on acceptable use policy practices,
the policies need to be clearly understood and accepted,
and AUPs usually contain universal constraints, such as bans on offensive or obscene language, that can apply to all levels of business activity.
AUP policies, however, do not often state the procedures for how these policies will be monitored and enforced by policy administrators.
AUPs are also commonly designed to protect company assets, including the physical devices, tools, data and intellectual property. While an AUP may not specify enforcement procedures, it often clearly states the penalties and repercussions for noncompliance.
Password policies traditionally include constraints such as password length and complexity,
and they may also include strict practices, such as not writing down or communicating passwords via email or messaging.
Effective password policy compliance requires training, possibly even simulations, where end users are confronted with challenging situations that could occur in the workplace with password management.
Password policy best practices should be communicated to end users on a regular basis.
It's good practice to frequently remind employees how to securely manage their passwords.
Getting employees to move from single-word passwords to more secure passphrases often does take time and effort, but it's worth it.
Password policy should also be accompanied by detailed enforcement procedures.
Directory service settings that require specific password length or history are not that difficult to define.
More complex policies, such as not using the same password on multiple systems or not writing down a password on paper, will require more thorough training, auditing and validation.
So frequent employee password training will not only improve business security, but it will also help security administrators with policy auditing and enforcement.