SE578 Course Project - Logistix Inc Risk Assessment Report Essay

Words: 2652
Pages: 11

Logistix Inc. Risk Assessment Report

SE578 - Practices for Administration of Physical & Operations Security

Keller Graduate School of Management

PREPARED BY:

PREPARED ON: APRIL 9, 2011

Over the past several weeks, Logistix's information security posture has been under review from two perspectives: that of an insider looking out, hoping to protect the organization's information assets, and that of an outsider looking in, attempting to gain unauthorized access to those assets. The overall objective of this assessment is to get a clear and concise picture of the organization's security posture and determine where any and all potential vulnerabilities lie, determine who might exploit the …
Passwords should be at least 15 characters long and contain no repeating characters. Each user’s password should be changed at a minimum every 60 to 90 days, so that a compromised password is only good for a defined amount of time. In addition, there should be a password history: the system should remember up to the past 10 passwords for each user, to prevent users from reusing the same password over and over.
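
One way the password rules above could be enforced in software, shown as an added example that is not part of the original report. It assumes "no repeating characters" means no identical adjacent characters and uses the 90-day upper bound for expiry; the function names and the salted PBKDF2 history storage are illustrative choices.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MIN_LENGTH = 15       # minimum length from the report
HISTORY_DEPTH = 10    # remembered passwords from the report
MAX_AGE_DAYS = 90     # upper bound of the report's 60 to 90 day window
ITERATIONS = 100_000  # assumed PBKDF2 work factor

def hash_password(password: str, salt: bytes = None):
    """Return (salt, digest); the history stores these, never plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def has_repeat(password: str) -> bool:
    # Assumption: "repeating" means the same character twice in a row.
    return any(a == b for a, b in zip(password, password[1:]))

def in_history(password: str, history: list) -> bool:
    # Re-hash the candidate with each stored salt; compare in constant time.
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
               for salt, digest in history[-HISTORY_DEPTH:])

def check_new_password(password: str, history: list) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if has_repeat(password):
        problems.append("repeating_characters")
    if in_history(password, history):
        problems.append("reused")
    return problems

def record_password(password: str, history: list) -> None:
    """Append the new hash and keep only the last HISTORY_DEPTH entries."""
    history.append(hash_password(password))
    del history[:-HISTORY_DEPTH]

def is_expired(last_changed: datetime, now: datetime) -> bool:
    return now - last_changed > timedelta(days=MAX_AGE_DAYS)
```

Because each history entry has its own salt, the reuse check has to re-hash the candidate once per remembered password, which is why the history depth is kept small.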
The third risk identified to Logistix is the lack of user verification policies for the organization's technical support personnel. A user verification policy is extremely important, as it outlines how technical support personnel will verify that the person they are speaking with on the phone is actually that person and not someone else pretending to be that person. Malicious users attempting to gain access to information that they are not supposed to have will use social engineering attacks such as this to pass themselves off as someone else in order to get information or support from the technical support staff. This information or support could be anything, such as a username, but these types of attacks are typically used to get a password reset, as the malicious user typically already has the user’s logon name. In order to mitigate this risk, a user verification policy should be written and enforced. This policy is