- Availability – The timeliness and reliability of data delivery to authorized users.
- Confidentiality – Ensuring the privacy of data and that only authorized users have access.
- Integrity – The accuracy and reliability of the data itself.
When one individual coerces confidential information from another user utilizing nefarious and misleading methods.
Any weakness or avenue that can be exploited to compromise availability, confidentiality, or integrity of information.
Anything that can compromise the availability, confidentiality, or integrity of information.
The risk is the consequence of exploitation factored by the likelihood that a particular vulnerability will be exploited by a threat.
A control put into place to mitigate a potential risk.
- The password is simple yet effective. The user should never have to revert to writing it down.
- A minimum of 8 characters, using a mixture of uppercase and lowercase letters, numbers, and special characters. A good policy requires at least 1 from each category.
- No dictionary words
- Users are not allowed to repeat passwords for 8+ cycles.
- Maximum password age: must be changed at least every 90 days
- Minimum password age: cannot be changed again until 1-2 days have passed
- There is such a thing as “too much of a good thing” when it comes to password policy.