First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

passwords

NIST’s recommended password policy evolves

As imperfect a means of authentication as they are, “memorized secrets” like passwords, pass phrases and PINs are common, and indeed are the primary means of authentication for most computer systems. In June, the National Institute of Standards and Technology issued a new publication on digital identity management that, in part, recommends changes to password policy that has become standard in many organizations—policy requiring passwords with special characters.

 

, , , , , , , ,

The new fraud: where is it coming from and what does it mean?

Businesses can be the target of fraud in numerous ways and from numerous sources. Anyone who does business with an organization is an obvious risk—suppliers, clients, employees, executives—the high profile fraud cases of recent years have mainly been internal. But increasingly, fraudsters have no connection to the organizations they target. They may be after credit card numbers, personal information, cash or goods, and they’re using methods beyond the understanding of the average businessperson. Organizations that do a significant amount of business online must be particularly careful.

 

, , , , , , , , , , , , , , , , , ,

Some legal pitfalls of security breaches to your company’s electronic data

The recent loss of a Canadian government hard drive containing personal information of receivers of student loans and the ensuing class action lawsuit are a stark reminder of how easy it is to be exposed to the pitfalls of data security breaches.

 

, , , , , , , , , , , , , , , , , , , , , ,

Are all those log-in passwords worth your time?

I’m sure this news will come as a relief to many computer and Internet users out there: a recent study by a researcher at Microsoft has found that many IT security measures—those things we love to hate like having to change passwords every three months or having individual passwords for a dozen different work accounts—simply don’t provide good value for the time and effort they involve, not to mention the bad habits they often cause!

 

, , , , , , , , , ,