© 2011, PistolStar, Inc. All rights reserved.
The Role of Password
Management in Achieving
Compliance
PortalGuard
PO Box 1226
Amherst, NH 03031
USA
Phone: 603.547.1200
Fax: 617.674.2727
E-mail: sales@portalguard.com
Website: www.portalguard.com
WhitePaper
Overview
Password management solutions have had a dramatic impact on organizations;
from eliminating password-related Help Desk calls to simplifying end-user
access, password management has gone beyond tightening security to
delivering improvements to the bottom line. Now, with the implementation of
Sarbanes-Oxley, HIPAA and other regulations, password management has
proven to be a strategic component for successful compliance.
Table of Contents
1.0 Introduction
  1.1 Regulatory Compliance Entails Securing Critical Data
  1.2 Purpose and Overview
2.0 Password Management: More Than Security
  2.1 The Beauty of Password Management
  2.2 What Governmental Regulations Require
  2.3 What Password Management Systems Should Provide
3.0 Password Management Solutions Facilitating Compliance
  3.1 PortalGuard’s Password Management Solution
  3.2 Meeting the Challenges of Compliance
  3.3 Increasing Security and Reaping Bottom Line Results
4.0 Summary
5.0 Appendix A – System Requirements
6.0 Appendix B – Resources
1.0 Introduction
1.1 Regulatory Compliance Entails Securing Critical Data
Compliance with governmental regulations has not only been a hot issue for
corporate management, but a major concern of IT departments as well.
These regulations mandate that organizations protect and secure access to
sensitive financial data and customer and patient information, dramatically
impacting the IT infrastructure as well as business processes.
In the past decade, several laws have passed that have forced organizations
to establish corporate compliance policies. The three most significant laws
are:
Sarbanes-Oxley Act (SOX) – A reaction to the accounting scandals occurring
in 2001 and 2002, SOX requires publicly-traded companies to implement controls
with respect to specific internal business processes. This necessitates
having an outside auditor certify the accuracy of financial statements and
performing an annual assessment of internal controls relating to the security of
critical data, particularly financial information.
Health Insurance Portability and Accountability Act (HIPAA) – Requires that
health institutions employ procedures that protect the disclosure of an
individual’s personal health information, ensuring the privacy and security of that
information as it is collected, processed and transferred to other health
organizations.
Gramm-Leach-Bliley Act (GLB) – Requires that financial institutions (and
persons that receive protected information from financial institutions) adopt strict
measures for protecting the privacy and security of customer data.
Because of these laws and others, such as SEC Rule 17a-3/17a-4 and the
Electronic Signatures Act, organizations have been compelled to implement
strategies for retaining critical data and assuring corporate governance.
Consequently, to maintain the security of databases and their intranet, an
organization’s IT department is challenged with the task of ensuring there is a
compliance architecture in place.
Several types of technologies should be considered to support compliance.
They include:
• Data storage and backup/recovery systems to maintain historical data
  and provide on-demand access;
• A high-speed LAN infrastructure to support collaboration and provide
  real-time information for viewing what’s occurring in the organization at
  any given moment;
• Broadband WANs and extranets to conduct operations around the
  globe and facilitate collaboration with partners and governance entities;
• Centralized compliance process and risk-management software to be
  integrated with existing and planned business applications; and, most
  importantly,
• Security systems, such as authentication, encryption and end-user
  passwords, to safeguard against unauthorized access and/or fraud and
  data theft.
1. Passwords are the right of entry to the servers, applications and
intranets on which critical data is stored, and they are essential for securing
these areas from unauthorized persons.
2. Accordingly, password management can play a key role in protecting
data and files that are the focus of corporate compliance.
As organizations coordinate their response to the recent governmental
regulations and begin implementing the necessary changes, there are many IT
solutions that should be considered. However, password management is the most
instrumental in controlling and securing access to protected information and it
should be a significant part of any organization’s compliance strategy.
1.2 Purpose and Overview
While password management offers organizations peace of mind as a result
of enhanced system security and improvements in end-user and Help Desk
productivity, specific capabilities also contribute significantly to achieving
compliance.
This paper will look at the dramatic impact password management solutions
have had on organizations. From eliminating password-related Help Desk
calls to simplifying end-user access, password management has gone beyond
tightening security to delivering improvements to the bottom line. Now, with
the implementation of Sarbanes-Oxley, HIPAA and other regulations,
password management has proven to be a strategic component for successful
compliance.
We will explore the numerous ways in which password management
capabilities aid in compliance, addressing the requirements of the three main
governmental regulations: Sarbanes-Oxley, HIPAA, and Gramm-Leach-Bliley. We’ll
then identify the specific password management capabilities that support
compliance, delving into what organizations should look for when investigating
password management solutions.
In closing, we’ll present a software platform that provides the secure password
management capabilities that organizations need and will help satisfy the
access control and data protection requirements of governmental regulations.
2.0 Password Management: More Than Security
2.1 The Beauty of Password Management
Passwords are vital to gaining access to servers, applications, the Web,
intranets, and extranets across and beyond the enterprise. Organizations can
secure specific areas of their networks by utilizing passwords to prevent access
from unauthorized persons.
The introduction of password management solutions has allowed
organizations to increase and maintain corporate security, protecting important
applications, data, and files. Most importantly, password management has helped IT
departments address two of their biggest challenges:
• Securing the password authentication process without increasing calls to the
  Help Desk about resets; and
• Heading off network intruders who attempt to gain access to critical data and
  files by guessing passwords or seizing upon weak ones.
Password management solutions primarily evolved from the many issues
created because of the widespread corporate use of passwords, particularly the
necessity of having multiple passwords for accessing the numerous servers,
directories and applications in an enterprise. Having to remember numerous
sets of credentials and which password to use for each application creates
frustration for end-users and increased calls to the Help Desk because of lost
or forgotten passwords and the need to create new ones. IT experiences
huge overhead, while both administrators and end-users suffer lost
productivity due to the time required for creating new passwords manually.
To restore overall productivity and also respond to the increasing number of
corporate employees who are working remotely and at non-traditional hours,
one of the most welcome capabilities of password management is self-service
password management, which allows end-users to create and reset their own
passwords, without contacting IT for assistance.
With multiple passwords, synchronization can also be problematic since
password policies are frequently disparate. Most often, it is the password quality
and password expiration settings that are dissimilar for various passwords.
Password management automatically enables accurate synchronization of
passwords, ensuring uninterrupted access.
Security also becomes an indisputable concern with multiple passwords in
use, because end-users often leave passwords jotted on notes left on or near
their computers. To address all the issues arising from assigning end-users
with numerous usernames and passwords, companies are deploying solutions
that will simplify and secure the password authentication and management
process for end-users, thereby freeing up the time and resources used by IT
to respond to password-related calls. An added and critical benefit of
password management is its numerous capabilities that also aid in achieving
corporate compliance.
2.2 What Governmental Regulations Require
There is a significant overlap in the requirements raised by the main corporate
governance and privacy regulations, as outlined below. Common
requirements that are satisfied by password management capabilities are:
1. Strong and reliable authentication
2. Strict control over end-user access to systems and data, including
   timely removal of access after an employee departure
3. Thorough audit trails and reporting on end-user access to specific
   systems and data
The following summarizes the password security and management
requirements of each regulation.
Sarbanes-Oxley (SOX) – There are several components to SOX, but it clearly
stipulates that organizations are required to establish an “adequate internal
control structure,” including control over system access. Sections 302 and
404 of SOX specifically require CEOs and CFOs to ensure their business
processes are under control.
Password management solutions facilitate SOX compliance by:
• Ensuring end-user access to only those systems and applications
  required for their jobs;
• Enforcing strong password policies, especially for end-users who have
  access to sensitive or protected records;
• Ensuring enterprise access privileges are removed when an employee
  leaves the organization;
• Eliminating end-users’ need to share authentication information with
  the Help Desk or IT staff for password reset or system access;
• Automating password reset processes to eliminate human error; and
• Ensuring complete, accurate audit trails for all changes in access
  rights.
HIPAA – For healthcare organizations such as hospitals, physicians’ group
practices, insurance carriers, and HMOs, HIPAA presents major challenges to
maintain the privacy of an individual patient’s personal health information. To
ensure compliance, these organizations not only need to train employees on
privacy measures and have someone appointed to oversee privacy initiatives;
more importantly, they need to secure access to patient records.
Password management solutions meet the challenges of HIPAA compliance
by:
• Enabling strict authentication and enforcing strong password policies
  for end-users with access to patient records;
• Protecting disclosure of a patient’s personal health information by
  ensuring that access to patient’s records is only granted to authorized
  end-users and is immediately rescinded when an authorized end-user
  leaves the health care organization;
• Implementing automated and self-service processes for creating and
  managing passwords; and
• Tracking login attempts and reporting on access to protected areas to
  capture any suspicious or unauthorized activity as well as changes in
  access rights.
Gramm-Leach-Bliley (GLB) – The GLB Act is directed at all financial
institutions, including banks, securities firms and insurance companies, and requires
the adoption of strict measures for protecting the privacy and maintaining the
security of customer information. The guidelines stipulate that these
organizations must control risks to customer information, protect against threats to the
security and integrity of customer records, guard against unauthorized access
to these records, and implement authentication processes that only allow
access to authorized employees.
Password management solutions contribute to GLB compliance by:
• Enforcing password policies for end-users with access to customer
  information;
• Ensuring access to customer records is disabled as soon as
  employees leave financial institutions;
• Eliminating end-users’ need to share authentication information with
  the Help Desk or IT staff for password reset or system access;
• Automating password reset processes; and
• Ensuring complete, accurate audit trails for all changes in access
  rights.
2.3 What Password Management Systems Should Provide
Clearly, to satisfy the authentication and access management needs of
corporate compliance, organizations should ensure their password management
system offers the following capabilities:
• Secure password authentication processes;
• Strong password quality;
• Enforced security and password policies to ensure passwords are not
  only strong (and not easily guessable), but also changed on a regular
  basis;
• Unified password policies for ensuring accurate password
  synchronization;
• Secure and controlled access by end-users;
• Secure and automatic password creation and reset processes;
• Self-service capabilities that allow end-users to manage their own
  account and perform their own password resets and recovery, ensuring
  they have complete understanding of the systems and data to which
  they have access; and
• Reporting on login attempts and end-user requested access to specific
  data.
Password management is one of the most beneficial technologies for
achieving compliance. When deployed, password management not only reduces
costs and increases security, but makes compliance with governmental
regulations easier and more demonstrable.
3.0 A Password Management Solution Facilitating Compliance
3.1 PortalGuard’s Password Management
With a focus on continually simplifying access and further easing password
management woes for end-users, PortalGuard delivers its password
management solution. With this functionality, PortalGuard has responded to its
customers’ compliance needs by ensuring robust password authentication,
controlled system access, and consistent enforcement of corporate security
policies.
PortalGuard
With PortalGuard, companies can increase password security and provide
self-service functionality to end-users. PortalGuard offers a robust set of
authentication features, including single sign-on and self-service password reset.
3.2 Meeting the Challenges of Compliance
PortalGuard’s password management solution supports the system access
management and data protection requirements of SOX, HIPAA, and GLB.
The following are their compliance-related capabilities:
• Facilitating and enforcing the use of stronger passwords;
• Ensuring employees only have access to systems and information
  required for their jobs;
• Guaranteeing accounts are disabled and access is completely revoked
  when employees leave the company;
• Automating password reset processes to eliminate human error;
• Ensuring complete, accurate audit trails and reports on all account
  changes and login attempts;
• Enforcing password policies that require passwords to be strong and
  changed regularly;
• Enabling strong authentication; and
• Protecting sensitive corporate and customer data through encryption.
3.3 Increasing Security and Reaping Bottom Line Results
Companies implementing PortalGuard can realize a significant and immediate
return on investment (ROI). In addition to aiding compliance, these solutions
provide tremendous cost-savings by decreasing Help Desk calls, which can
drain support staff time and money, and heading off potential security
breaches caused by issues that can arise in the password authentication and
management process.
Both IT administrators and end-users benefit in several ways. Administrators
can address specific problems and challenges, such as enabling secure
access to corporate intranets and extranets, and protecting applications and
content from illegal usage. They can also achieve security “best practices”
through the ability to define password rules and numerous password
preferences related to password quality, history, expiration, 3-strikes and last login.
End-users have the convenience of performing password resets via
self-service functionality that allows them to securely manage and reset their
passwords directly from a Web browser, and without Help Desk intervention. By
removing the need to engage IT and wait for a new password to be created,
PortalGuard reduces end-users’ downtime and allows both administrators and
end-users to be more productive.
Password management has already earned respect as a valuable solution by
meeting corporate objectives such as diminishing employee downtime,
increasing end-user and IT productivity, and incorporating security “best
practices.” By also playing a significant role in achieving compliance, password
management can have a profound impact on an organization’s bottom line,
drawing the attention of senior management and reigning at the top of the
“must-have technologies” list.
4.0 Summary
Complying with recently established governmental regulations is currently
paramount in the minds of organizations. To be compliant, organizations
need to ensure they are protecting critical financial data and reports, and
patient and customer information, requiring they formulate a strategy to create
compliance policies and build a compliance infrastructure. Several
departments are impacted, but none more so than IT, which is responsible for the
security of the organization’s networks and the information and files contained
within them.
Several technologies should be considered when mounting a compliance
strategy, including an IT security system that features password authentication
and management. While the financial investment of implementing technology
for compliance purposes can be cost-prohibitive, password management is an
inexpensive solution that is efficient, delivers benefits in several areas, and
demonstrates a return on investment.
Password management systems are available that address several needs,
such as password security, authentication, access management, and
self-service functionality. Organizations that need to comply with one or more
governmental regulations should ensure their password management system
delivers strong passwords, provides secure authentication, and enforces security
and password policies through “best practices.”
Organizations that are required to achieve compliance need to act quickly, as
they risk legal action as well as stiff government fines and restrictions. With
the time and financial commitment involved with strategic planning, creating
compliance policies and investing in technologies, it is reassuring that there is
one solution that will efficiently and cost-effectively meet their needs. With
password management, organizations can meet the challenges of
compliance.
###
Identity Management In Cloud Computing
 
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
 
Information security management iso27001
Information security management iso27001Information security management iso27001
Information security management iso27001
 
Igs animation s;lide
Igs animation s;lideIgs animation s;lide
Igs animation s;lide
 
27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx
 
27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx
 

Mehr von PortalGuard

Let's Build a Better Password
Let's Build a Better PasswordLet's Build a Better Password
Let's Build a Better PasswordPortalGuard
 
Designing and Implementing a Secure, Fully Brandable Web Portal
Designing and Implementing a Secure, Fully Brandable Web PortalDesigning and Implementing a Secure, Fully Brandable Web Portal
Designing and Implementing a Secure, Fully Brandable Web PortalPortalGuard
 
Designing and Creating a Secure Web Portal
Designing and Creating a Secure Web PortalDesigning and Creating a Secure Web Portal
Designing and Creating a Secure Web PortalPortalGuard
 
PortalGuard Product Tour
PortalGuard Product TourPortalGuard Product Tour
PortalGuard Product TourPortalGuard
 
SAML Executive Overview
SAML Executive OverviewSAML Executive Overview
SAML Executive OverviewPortalGuard
 
PortalGuard Platform
PortalGuard PlatformPortalGuard Platform
PortalGuard PlatformPortalGuard
 
Already Have a Solution?
Already Have a Solution? Already Have a Solution?
Already Have a Solution? PortalGuard
 
Centralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows DesktopCentralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows DesktopPortalGuard
 
Sever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple PasswordsSever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple PasswordsPortalGuard
 
Configurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and ComplianceConfigurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and CompliancePortalGuard
 
Contextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor ApproachContextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor ApproachPortalGuard
 
Two-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless ApproachTwo-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless ApproachPortalGuard
 
Password Security and CJIS Compliance
Password Security and CJIS CompliancePassword Security and CJIS Compliance
Password Security and CJIS CompliancePortalGuard
 
Avoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AloneAvoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AlonePortalGuard
 

Mehr von PortalGuard (15)

Let's Build a Better Password
Let's Build a Better PasswordLet's Build a Better Password
Let's Build a Better Password
 
Designing and Implementing a Secure, Fully Brandable Web Portal
Designing and Implementing a Secure, Fully Brandable Web PortalDesigning and Implementing a Secure, Fully Brandable Web Portal
Designing and Implementing a Secure, Fully Brandable Web Portal
 
Designing and Creating a Secure Web Portal
Designing and Creating a Secure Web PortalDesigning and Creating a Secure Web Portal
Designing and Creating a Secure Web Portal
 
PortalGuard Product Tour
PortalGuard Product TourPortalGuard Product Tour
PortalGuard Product Tour
 
SSPM Retail
SSPM RetailSSPM Retail
SSPM Retail
 
SAML Executive Overview
SAML Executive OverviewSAML Executive Overview
SAML Executive Overview
 
PortalGuard Platform
PortalGuard PlatformPortalGuard Platform
PortalGuard Platform
 
Already Have a Solution?
Already Have a Solution? Already Have a Solution?
Already Have a Solution?
 
Centralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows DesktopCentralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows Desktop
 
Sever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple PasswordsSever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple Passwords
 
Configurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and ComplianceConfigurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and Compliance
 
Contextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor ApproachContextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor Approach
 
Two-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless ApproachTwo-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless Approach
 
Password Security and CJIS Compliance
Password Security and CJIS CompliancePassword Security and CJIS Compliance
Password Security and CJIS Compliance
 
Avoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AloneAvoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not Alone
 

Kürzlich hochgeladen

Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 

Kürzlich hochgeladen (20)

Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 

The Role of Password Management in Achieving Compliance

  • 3. © 2011, PistolStar, Inc. All rights reserved. Page 1 The Role of Password Management in Achieving Compliance 1.0 Introduction 1.1 Regulatory Compliance Entails Securing Critical Data Compliance with governmental regulations has not only been a hot issue for corporate management, but a major concern of IT departments as well. These regulations mandate that organizations protect and secure access to sensitive financial data and customer and patient information, dramatically impacting the IT infrastructure as well as business processes. In the past decade, several laws have passed that have forced organizations to establish corporate compliance policies. The three most significant laws are: Sarbanes-Oxley Act (SOX) – A reaction to the accounting scandals occurring in 2001 and 2002, SOX requires publicly-traded companies to implement con- trols with respect to specific internal business processes. This necessitates having an outside auditor certify the accuracy of financial statements and per- forming an annual assessment of internal controls relating to the security of critical data, particularly financial information. Health Insurance Portability and Accountability Act (HIPAA) – Requires that health institutions employ procedures that protect the disclosure of an individ- ual’s personal health information, ensuring the privacy and security of that in- formation as it is collected, processed and transferred to other health organi- zations. Gramm-Leach-Bliley Act (GLB) – Requires that financial institutions (and per- sons that receive protected information from financial institutions) adopt strict measures for protecting the privacy and security of customer data. Because of these laws and others, such as SEC Rule 17a-3/17a-4 and the Electronic Signatures Act, organizations have been compelled to implement strategies for retaining critical data and assuring corporate governance. 
Con- sequently, to maintain the security of databases and their intranet, an organi- zation’s IT department is challenged with the task of ensuring there is a com- pliance architecture in place. Several types of technologies should be considered to support compliance. They include: Data storage and backup/recovery systems to maintain historical data and provide on-demand access; A high-speed LAN infrastructure to support collaboration and provide real-time information for viewing what’s occurring in the organization at any given moment; Broadband WANs and extranets to conduct operations around the globe and facilitate collaboration with partners and governance entities; Centralized compliance process and risk-management software to be integrated with existing and planned business applications; and, most importantly, Security systems, such as authentication, encryption and end-user passwords, to safeguard against unauthorized access and/or fraud and data theft. 1. Passwords are the right of entry to the servers, applications and intra- nets on which critical data is stored, and they are essential for securing these areas from unauthorized persons. Compliance with governmental regulations has not only been a hot issue for corporate management, but a major concern of IT departments as well.
  • 4. © 2011, PistolStar, Inc. All rights reserved. Page 2 The Role of Password Management in Achieving Compliance 2. Accordingly, password management can play a key role in protecting data and files that are the focus of corporate compliance. As organizations coordinate their response to the recent governmental regula- tions and begin implementing the necessary changes, there are many IT solu- tions that should be considered. However, password management is the most instrumental in controlling and securing access to protected information and it should be a significant part of any organizations’ compliance strategy. 1.2 Purpose and Overview While password management offers organizations peace of mind as a result of enhanced system security and improvements in end-user and Help Desk productivity, specific capabilities also contribute significantly to achieving com- pliance. This paper will look at the dramatic impact password management solutions have had on organizations. From eliminating password-related Help Desk calls to simplifying end-user access, password management has gone beyond tightening security to delivering improvements to the bottom line. Now, with the implementation of Sarbanes-Oxley, HIPAA and other regulations, pass- word management has proven to be a strategic component for successful compliance. We will explore the numerous ways in which password management capabili- ties aid in compliance, addressing the requirements of the three main govern- mental regulations: Sarbanes-Oxley, HIPAA, and Gramm-Leach-Bliley. We’ll then identify the specific password management capabilities that support com- pliance, delving into what organizations should look for when investigating password management solutions. In closing, we’ll present a software platform that provides the secure password management capabilities that organizations need and will help satisfy the ac- cess control and data protection requirements of governmental regulations. 
2.0 Password Management: More Than Security 2.1 The Beauty of Password Management Passwords are vital to gaining access to servers, applications, the Web, intra- nets, and extranets across and beyond the enterprise. Organizations can se- cure specific areas of their networks by utilizing passwords to prevent access from unauthorized persons. The introduction of password management solutions has allowed organiza- tions to increase and maintain corporate security, protecting important applica- tions, data, and files. Most importantly, password management has helped IT departments address two of their biggest challenges: Securing the password authentication process without increasing calls to the Help Desk about resets; and heading off network intruders who attempt to gain access to critical data and files by guessing passwords or seizing upon weak ones. Password management solutions primarily evolved from the many issues cre- ated because of the widespread corporate use of passwords, particularly the necessity of having multiple passwords for accessing the numerous servers, From eliminating password related Help Desk calls to simplifying end-user access, password management has gone beyond tightening security to delivering improvements to the bottom line.
  • 5. © 2011, PistolStar, Inc. All rights reserved. Page 3 The Role of Password Management in Achieving Compliance directories and applications in an enterprise. Having to remember numerous sets of credentials and which password to use for each application creates frustration for end-users and increased calls to the Help Desk because of lost or forgotten passwords and the need to create new ones. IT experiences huge overhead, while both administrators and end-users suffer lost productiv- ity due to the time required for creating new passwords manually. To restore overall productivity and also respond to the increasing number of corporate employees who are working remotely and at non-traditional hours, one of the most welcome capabilities of password management is self-service password management, which allows end-users to create and reset their own passwords, without contacting IT for assistance. With multiple passwords, synchronization can also be problematic since pass- word policies are frequently disparate. Most often, it is the password quality and password expiration settings that are dissimilar for various passwords. Password management automatically enables accurate synchronization of passwords, ensuring uninterrupted access. Security also becomes an indisputable concern with multiple passwords in use, because end-users often leave passwords jotted on notes left on or near their computers. To address all the issues arising from assigning end-users with numerous usernames and passwords, companies are deploying solutions that will simplify and secure the password authentication and management process for end-users, thereby freeing up the time and resources used by IT to respond to password-related calls. An added and critical benefit of pass- word management is its numerous capabilities that also aid in achieving cor- porate compliance. 
2.2 What Governmental Regulations Require There is a significant overlap in the requirements raised by the main corporate governance and privacy regulations, as outlined below. Common require- ments that are satisfied by password management capabilities are: 1. Strong and reliable authentication 2. Strict control over end-user access to systems and data, including timely removal of access after an employee departure 3. Thorough audit trails and reporting on end-user access to specific sys- tems and data The following summarizes the password security and management require- ments of each regulation. Sarbanes-Oxley (SOX) – There are several components to SOX, but it clearly stipulates that organizations are required to establish an “adequate internal control structure,” including control over system access. Sections 302 and 404 of SOX specifically require CEOs and CFOs to ensure their business processes are under control. Password management solutions facilitate SOX compliance by: Ensuring end-user access to only those systems and applications re- quired for their jobs; Enforcing strong password policies, especially for end-users who have access to sensitive or protected records; Ensuring enterprise access privileges are removed when an employee leaves the organization; An added and critical benefit of password management is its numerous capabilities that also aid in achieving corporate compliance.
  • 6. © 2011, PistolStar, Inc. All rights reserved. Page 4 The Role of Password Management in Achieving Compliance Eliminating end-users’ need to share authentication information with the Help Desk or IT staff for password reset or system access; Automating password reset processes to eliminate human error; and Ensuring complete, accurate audit trails for all changes in access rights. HIPAA – For healthcare organizations such as hospitals, physicians’ group practices, insurance carriers, and HMOs, HIPAA presents major challenges to maintain the privacy of an individual patient’s personal health information. To ensure compliance, these organizations not only need to train employees on privacy measures and have someone appointed to oversee privacy initiatives; more importantly, they need to secure access to patient records. Password management solutions meet the challenges of HIPAA compliance by: Enabling strict authentication and enforcing strong password policies for end-users with access to patient records; Protecting disclosure of a patient’s personal health information by en- suring that access to patient’s records is only granted to authorized end-users and is immediately rescinded when an authorized end-user leaves the health care organization; Implementing automated and self-service processes for creating and managing passwords; and Tracking login attempts and reporting on access to protected areas to capture any suspicious or unauthorized activity as well as changes in access rights. Gramm-Leach-Bliley (GLB) – The GLB Act is directed at all financial institu- tions, including banks, securities firms and insurance companies, and requires the adoption of strict measures for protecting the privacy and maintaining the security of customer information. 
The guidelines stipulate that these organizations must control risks to customer information, protect against threats to the security and integrity of customer records, guard against unauthorized access to these records, and implement authentication processes that only allow access to authorized employees.

Password management solutions contribute to GLB compliance by:

- Enforcing password policies for end-users with access to customer information;
- Ensuring access to customer records is disabled as soon as employees leave financial institutions;
- Eliminating end-users’ need to share authentication information with the Help Desk or IT staff for password reset or system access;
- Automating password reset processes; and
- Ensuring complete, accurate audit trails for all changes in access rights.

2.3 What Password Management Systems Should Provide

Clearly, to satisfy the authentication and access management needs of corporate compliance, organizations should ensure their password management system offers the following capabilities:

- Secure password authentication processes;
- Strong password quality;
- Enforced security and password policies to ensure passwords are not only strong (and not easily guessable), but also changed on a regular basis;
- Unified password policies for ensuring accurate password synchronization;
- Secure and controlled access by end-users;
- Secure and automatic password creation and reset processes;
- Self-service capabilities that allow end-users to manage their own account and perform their own password resets and recovery, ensuring they have complete understanding of the systems and data to which they have access; and
- Reporting on login attempts and end-user requested access to specific data.

Password management is one of the most beneficial technologies for achieving compliance. When deployed, password management not only reduces costs and increases security, but makes compliance with governmental regulations easier and more demonstrable.

3.0 A Password Management Solution Facilitating Compliance

3.1 PortalGuard’s Password Management

With a focus on continually simplifying access and further easing password management woes for end-users, PortalGuard delivers its password management solution. With this functionality, PortalGuard has responded to its customers’ compliance needs by ensuring robust password authentication, controlled system access, and consistent enforcement of corporate security policies.

PortalGuard

With PortalGuard, companies can increase password security and provide self-service functionality to end-users. PortalGuard offers a robust set of authentication features, including single sign-on and self-service password reset.

3.2 Meeting the Challenges of Compliance

PortalGuard’s password management solution supports the system access management and data protection requirements of SOX, HIPAA, and GLB.
The following are their compliance-related capabilities:

- Facilitating and enforcing the use of stronger passwords;
- Ensuring employees only have access to systems and information required for their jobs;
- Guaranteeing accounts are disabled and access is completely revoked when employees leave the company;
- Automating password reset processes to eliminate human error;
- Ensuring complete, accurate audit trails and reports on all account changes and login attempts;
- Enforcing password policies that require passwords to be strong and changed regularly;
- Enabling strong authentication; and
- Protecting sensitive corporate and customer data through encryption.

3.3 Increasing Security and Reaping Bottom Line Results
Companies implementing PortalGuard can realize a significant and immediate return on investment (ROI). In addition to aiding compliance, these solutions provide tremendous cost-savings by decreasing Help Desk calls, which can drain support staff time and money, and heading off potential security breaches caused by issues that can arise in the password authentication and management process.

Both IT administrators and end-users benefit in several ways. Administrators can address specific problems and challenges, such as enabling secure access to corporate intranets and extranets, and protecting applications and content from illegal usage. They can also achieve security “best practices” through the ability to define password rules and numerous password preferences related to password quality, history, expiration, 3-strikes and last login.

End-users have the convenience of performing password resets via self-service functionality that allows them to securely manage and reset their passwords directly from a Web browser, and without Help Desk intervention. By removing the need to engage IT and wait for a new password to be created, PortalGuard reduces end-users’ downtime and allows both administrators and end-users to be more productive.

Password management has already earned respect as a valuable solution by meeting corporate objectives such as diminishing employee downtime, increasing end-user and IT productivity, and incorporating security “best practices.” By also playing a significant role in achieving compliance, password management can have a profound impact on an organization’s bottom line, drawing the attention of senior management and reigning at the top of the “must-have technologies” list.

4.0 Summary

Complying with recently established governmental regulations is currently paramount in the minds of organizations.
To be compliant, organizations need to ensure they are protecting critical financial data and reports, and patient and customer information, requiring they formulate a strategy to create compliance policies and build a compliance infrastructure. Several departments are impacted, but none more so than IT, which is responsible for the security of the organization’s networks and the information and files contained within them.

Several technologies should be considered when mounting a compliance strategy, including an IT security system that features password authentication and management. While the financial investment of implementing technology for compliance purposes can be cost-prohibitive, password management is an inexpensive solution that is efficient, delivers benefits in several areas, and demonstrates a return on investment.

Password management systems are available that address several needs, such as password security, authentication, access management, and self-service functionality. Organizations that need to comply with one or more governmental regulations should ensure their password management system delivers strong passwords, provides secure authentication, and enforces security and password policies through “best practices.”

Organizations that are required to achieve compliance need to act quickly, as they risk legal action as well as stiff government fines and restrictions. With the time and financial commitment involved with strategic planning, creating compliance policies and investing in technologies, it is reassuring that there is one solution that will efficiently and cost-effectively meet their needs. With password management, organizations can meet the challenges of compliance.