Summer Regulatory Summit eBook
2. Additional Security for Admins
o The Organization should identify users who represent a high risk, and for whom enhanced authentication controls are warranted to protect information systems.
o Subsequently, the Organization should work toward implementing multi-factor authentication login requirements for users categorized as high-risk.
o Elements to consider when identifying high-risk users have included: access to critical systems and data; privileged users, including security administrators; remote access to information systems; and key positions such as senior management.
o Passwords on all administrator accounts should be a minimum of fourteen (14) characters in length, with complexity.
RECOMMENDATION
© SBS CyberSecurity, LLC www.sbscyber.com