Time
2 hours 13 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:07
Welcome to the Palo Alto Networks Cyber Security Academy, Secure Business Systems Administration, Acceptable Use and Password Policies presentation.
00:18
Acceptable use policies are critically important and need to be fully communicated, understood and accepted.
00:25
They should clearly state end-user actions that are both allowed and disallowed.
00:30
Acceptable use policies should be crafted and endorsed by stakeholders from both technology and business groups, approved through legal and HR departments.
00:41
AUPs, however, can be confusing and sometimes not even well enforced. Different user groups may have different AUP conditions.
00:50
For example, a laptop user who travels may need some local administrator rights in order to configure their devices for changing network services, whereas a laptop user who always works at the business site may not have that ability.
01:03
So similar issues can occur for different teams who also have different application level requirements.
01:11
So to be effective, end users need to be well trained on acceptable use policy practices,
01:18
the policies need to be clearly understood and accepted,
01:21
and AUPs usually contain universal constraints, such as bans on offensive or obscene language, that can apply to all levels of business activity.
01:32
AUP policies, however, do not often state the procedures for how these policies will be monitored and enforced by policy administrators.
01:42
AUPs are also commonly designed to protect company assets, including the physical devices, tools, data and intellectual property. While an AUP may not specify enforcement procedures, it often clearly states the penalties and repercussions for noncompliance.
02:02
Password policies traditionally include constraints such as password length and complexity,
02:08
and they may also include strict practices, such as not writing down or communicating passwords via email or messaging.
02:17
Effective password policy compliance requires training, possibly even simulations, where end users are confronted with challenging situations that could occur in the workplace with password management.
02:30
Password policy best practices should be communicated to end users on a regular basis.
02:37
It's good practice to frequently remind employees how to securely manage their passwords.
02:43
Getting employees to move from single-word passwords to more secure passphrases often does take time and effort, but it's worth it.
02:52
Password policy should also be accompanied by detailed enforcement procedures.
02:58
Directory service settings that require specific password length or history are not that difficult to define.
03:05
More complex policies, such as not using the same password on multiple systems or not writing down a password on paper, will require more thorough training, auditing and validation.
03:17
So frequent employee password training will not only improve business security, but it will also help security administrators with policy auditing and enforcement.
