Passwords Protection

Users shall have different passwords for different accounts.
All default passwords shall be changed upon installation of new software or new Operating System (OS).
Passwords shall be securely hashed and stored. Never store plain text passwords, and use strong, industry-standard encryption algorithms.
Failed login attempts shall be logged and limited to three times and then lock the user.
Account lockout duration shall be a minimum of 20 minutes to a maximum of 1 hour.
A two-factor authentication shall be set up for critical applications and/or systems.

Objectives

Benefits

Scope

Network design

Network Implementation

Network Management

User devices

Precaution measures

Stolen computers

User responsibilities

Hardware acquisition, maintenance

Hardware disposal

Software applications

Data

Business Continuity (BC) and Disaster Recovery (DR)

User collaboration and email service

Password Policy

Email Accounts

System access and authorization

Security Policy and Procedures

Minimizing the exposure of systems to External Networks

Access Control

Implement network segmentation

Institution awareness and Training

Audit and Accountability

Configuration Management

Identity Management and Authentication

Incident Response

Maintenance

Media Protection

Personnel Security

Physical and Environmental Protection

Risk Assessment

System and Communications Protection

System and Information Integrity

Personally identifiable information (PII) Processing and Transparency

Contingency Planning

Supply Chain Risk Management

Passwords Protection

Assessment of the current situationge

Definition of the strategic target position

Definition of gaps

Establishing a roadmap to close the gaps.

Roles and responsibilities

Resources and Impact

Digitalization project initiation

Digitalization project documentation

Digitalization project implementation

Digitalization staff

Digitalization talent and capacity building

Challenge Definition

Ideation Stage

Prototyping

Testing Stage

Implementation

Passwords Protection