Anjar Priandoyo

June 5, 2009

Password Management Guidelines

Filed under: Security — admin @ 5:06 pm

“…Why do we need to separate the ownership of the root/administrator password among different persons?
Should we put the password into different envelopes?
Do I need to change this password so frequently?…”

A lot of questions from users/clients relate to password management guidelines. My answer: theoretically, you can refer to guidelines such as NIST 800-118, Guide to Enterprise Password Management. However, this guideline does not explain in much detail Privileged Password Management, for accounts such as root, sa or administrator, which usually do not belong to a single person.

Based on my experience, the password for financial-based transactions should be separated. For example, the password for the SAP power user (SAP*) should be separated into different envelopes. But for OS & DB passwords, I can’t tell you the exact best practice; theoretically it will depend on the risk analysis itself. The company or regulations (I’m not sure whether HIPAA, SOX, or FISMA require this) will determine whether it is required or not.

Any suggestions?


June 23, 2008

39 percent of employees purchase their own laptop for work

Filed under: Security — admin @ 5:15 am

“…Survey shows 39 percent of employees purchase their own laptop for work..”
techrepublic

“…The numbers are significant because it means that employees are using their personal devices to access corporate data in large numbers. That can present a lot of serious challenges for IT, such as security, compliance, and customer privacy. That’s why there’s a push for IT to officially support more of these user-owned devices so that it can verify or set up enterprise-approved security and privacy settings…”

It gets troublesome when things reach this point. What about in Indonesia, I wonder?

