Within 1 to 3 pages, develop a set of recommendations for passwords that will le

Question

Within 1 to 3 pages, develop a set of recommendations for passwords that will lead the call center to have positive answers to the questions:

•   Are IT services being delivered in line with business priorities?

•   Are IT costs optimized?

•   Is the workforce able to use the IT systems productively and safely?

•   Are adequate confidentiality, integrity and availability in place?

ONLY DO THIS PART, I PUT THE ABOVE BECAUSE IT'S RELATED TO THIS: As you are winding up your write-up for question 2, you ask your manager for feedback. He recognizes your use of CobiT and suggests that you add a recommendation of which the 34 generic processes in the textbook’s Figure 3 of Chapter 3 [1 pages 14] to manage the IT resources be applied for controlling passwords within the call center. Although you don’t have definitions for the generic processes, you can probably do a good job of picking 5 to 7 that will likely have a significant role in successful IT management. For example, DS5 Ensure systems security is an obvious one to include in your list

Explanation / Answer

List of Password Recommendations (“Password Management Best Practices”):oInstead of giving the call center reps passwords that are random, allowthem to create their own password. It will be easier for the reps toremember a password that they created.oSet up password requirements such as password must be at least 8characters, have at least one lower case letter, have at least one upper caseletter, and at least one digit. If possible, require passwords to have at leastone punctuation mark. Do not allow passwords that can be easily guessedsuch as birthdays, names, etc. Do not allow passwords to contain ausername or login ID. Do not allow passwords to have dictionary words.Do not allow passwords to have more than two pairs of letters.oGive each password an expiration date such as 60 or 90 days, that way thepasswords won’t stay the same and have to be changed. This way if anemployee gets fired or an unauthorized user obtains a password, it will nolonger be valid.oUsers should not be able to reuse old passwords or passwords that are toosimilar to previous passwords. If the company keeps a user’s passwordhistory, it will eliminate them from doing so and keep old potentiallycompromised passwords from being used.oIf passwords are forgotten, allow a user to reset their password securely, sothey will not have to go to management every time as was mentioned.oTo allow for extra security, login in can require a password and a PINnumber. It is unlikely that an unauthorized user will know both thepassword and PIN number in order to access that system. This way if apassword is compromised, the unauthorized user will still not be able toget login without the PIN number

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.