Thursday, January 15, 2009

who is accessing

How do I know who is accessing my information?

Authentication
Authentication is the process of ensuring that the correct user is identified as a trusted source and is authorised to conduct specific transactions.
The reason for having access controls is to permit access to information and technology on a need-to-know, job function-related basis and to ensure users cannot gain access to information and technology for which they are not authorised.
What to do
Establish access controls to ensure that:
• access to information and systems is limited to the minimal number of users
• system logs record who logs on, when, where and for how long, and track any deletions, modifications and changes to file or database structure
• additional workstations, systems and software are reviewed periodically.
Password protection
Passwords are the first line of defence against unauthorised access to information and systems.
All new accounts should be given initial passwords that are set by administrators. Once in the system, new users can specify their own password, following a set of password definition guidelines.
What to do
Develop a password protection system for your business. You and your staff should:
• Avoid passwords that would be readily identifiable or easy for anyone to guess (such as family names, birth dates)
• Use a mix of upper- and lower-case alphabetic, numeric and special characters
• Memorise your passwords and make sure that you do not write down your password or store it in easy-to-find places or in a file on or near your computer
• Use a completely new password every time you change your password and never reuse old passwords
• Avoid using dictionary or foreign words because hackers have many tools, such as dictionary programs, to assist them. A hacker will launch a dictionary attack by passing every word in a dictionary (which can contain foreign languages as well as the entire English language) to a login program in the hope that it will eventually match the correct password
• Never share your password with anyone
• Never send your password via email
• Change your passwords regularly, at least every three months.
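
As an added example (not part of the original post), the guidelines above can be enforced when a user chooses a new password. The word list, personal details and function names are constructed for illustration; old passwords are kept only as salted hashes so the reuse check never stores them in clear text.

```python
import hashlib
import hmac
import os
import re

# Constructed sample data (assumptions, not from the original post).
WORDLIST = {"password", "sunshine", "dragon", "bonjour", "welcome"}
PERSONAL = {"smith", "15011980"}  # a family name and a birth date

def hash_password(password, salt=None):
    """Salted PBKDF2 hash so old passwords are never kept in clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def is_reused(password, history):
    """True if the password matches any (salt, digest) pair in the history."""
    for salt, digest in history:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False

def check_password(password, history=(), wordlist=WORDLIST, personal=PERSONAL):
    """Return the list of guidelines the candidate password violates."""
    problems = []
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("needs upper case, lower case, numeric and special characters")
    lowered = password.lower()
    # Strip digits and symbols so "Dragon2009!" is still caught as "dragon".
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in wordlist:
        problems.append("based on a dictionary word")
    if any(item in lowered for item in personal):
        problems.append("contains a family name or birth date")
    if is_reused(password, history):
        problems.append("reuses an old password")
    return problems
```

A dictionary word with a year and a symbol appended still passes the character-mix rule, which is why the dictionary check is run separately on the letters alone.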
