4/20/24
Security methodology:
Controlling access and permissions are perhaps the two most critical elements. Two common approaches are:
Principle of Least Privilege (PoLP)
OR
Zero Trust
Strong Authentication:
• Passwords: ISO 27001 requires organizations to create strong passwords that have a mix of letters, numbers, and special characters. The passwords must be at least 8 characters long and should not contain personal information such as first names, last names, or dates of birth. Passwords must also be renewed regularly, at least every 90 days.
• MFA – Multi-factor Authentication: access requires something we know (password) and something we have (phone, email, etc.).
• Should we hold vendors/service providers to the same standards?