ISACA: New NIST Password Guidance Provides Important Updates - But Survey Shows It Will Take Time to Implement

Published: 31 August

Rolling Meadows, Illinois, USA - New password guidance from the National Institute of Standards and Technology (NIST) will make for more secure and easier-to-remember passwords, but ISACA research shows it will take time to raise awareness and implement, particularly in mainframe environments.

NIST announced new password and multifactor authentication guidance in June, amending prior guidance and including different approaches for password management, complexity, length and other parameters. The guidance challenges conventional wisdom that more complex and frequently reset passwords are more robust and resilient than alternative password characteristics, such as a sentence or phrase.

Global business technology association ISACA conducted a pulse poll in response to this fundamental shift in how NIST recommends passwords be secured and learned more about what practitioners are saying about the changes. More than half of respondents (54%) had not yet seen the recently released NIST password guidance, and the majority were not yet certain on their enterprises’ timetables for implementation.

“This survey was conducted shortly after the guidance was announced, so we expect the numbers to shift dramatically as more organizations become aware of and commit to these important recommendations,” said Rob Clyde, CISM, vice-chair of ISACA’s board of directors and managing director of Clyde Consulting LLC. “ISACA recommends that security and assurance professionals review these new guidelines and make appropriate updates to their password policies and audit requirements. Updates like this highlight the importance of ensuring that enterprises have a process for implementing new security policies and audit requirements, both regularly and as warranted by special circumstances such as this new NIST guidance.”

“This update is the result of a year-long public/private development effort,” said Paul Grassi, senior standards and technology advisor at NIST. “We are extremely excited that innovation in the marketplace allowed us to comfortably require multifactor authentication for a range of federal systems, especially those that make personal data available.”

On the topic of password creation, Grassi said that NIST had a great deal of data revealing that users did predictable things when asked to include special characters and other composition rules, and incorporated that data into the guidance.

“While we retained the original cryptographic integrity of our password requirements, we adjusted the rules to account for end-user habits and to make passwords easier to remember, but harder for adversaries to crack,” he said.
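As an added illustration of the shift described above (this code is not part of the ISACA release and is not NIST's own material), the Python below contrasts a conventional composition-rule checker with a length-and-blocklist checker in the spirit of NIST SP 800-63B, the June 2017 guidance the release refers to. The thresholds, the five-entry compromised-password set, the candidate passwords and the username are constructed assumptions; a real deployment would check against a full breach corpus.

```python
import unicodedata
from typing import Dict, Iterable, List

# Constructed sample of compromised passwords (assumption: a real deployment
# would check against a large breach corpus, not a five-entry set).
BREACHED_SAMPLE = {"password", "p@ssw0rd!", "qwerty123", "letmein", "123456"}


def legacy_policy(pw: str) -> List[str]:
    """Conventional composition-rule policy. Returns the list of rule
    failures; an empty list means the password is accepted."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if len(pw) > 16:
        problems.append("longer than 16 characters")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any((not c.isalnum()) and (not c.isspace()) for c in pw):
        problems.append("no special character")
    if any(c.isspace() for c in pw):
        problems.append("whitespace not allowed")
    return problems


def nist_style_policy(pw: str, username: str = "",
                      blocklist: Iterable[str] = BREACHED_SAMPLE) -> List[str]:
    """Length-plus-blocklist policy in the spirit of NIST SP 800-63B:
    no composition rules, long passphrases and spaces allowed, but known
    compromised and context-specific values rejected."""
    # Normalise so visually identical Unicode forms compare equal.
    pw = unicodedata.normalize("NFKC", pw)
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if len(pw) > 64:
        problems.append("longer than 64 characters")
    if pw.lower() in {b.lower() for b in blocklist}:
        problems.append("appears in compromised-password list")
    if username and username.lower() in pw.lower():
        problems.append("contains the username")
    if len(pw) >= 8 and len(set(pw)) == 1:
        problems.append("single repeated character")
    return problems


def compare(pw: str, username: str = "") -> Dict[str, List[str]]:
    """Evaluate one candidate under both policies side by side."""
    return {"legacy": legacy_policy(pw),
            "nist_style": nist_style_policy(pw, username)}


if __name__ == "__main__":
    # Constructed candidates chosen to show where the two policies disagree:
    # the first satisfies every composition rule yet is a known compromised
    # value; the second is a long passphrase the legacy rules reject outright.
    for cand, user in [("P@ssw0rd!", "alice"),
                       ("correct horse battery staple", "alice"),
                       ("alice-2024!", "alice")]:
        r = compare(cand, user)
        print(f"{cand!r:34} legacy={r['legacy'] or 'ok'}"
              f" nist_style={r['nist_style'] or 'ok'}")
```

The point the two checkers make together is the one Grassi describes: composition rules push users toward predictable substitutions that pass the rule set but sit in every breach list, while a length-and-blocklist policy accepts a memorable phrase and rejects the predictable value.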

ISACA’s poll also looked at password updates as they relate to the mainframe environment. While security controls are comparable in rigor to other environments, the data stored on mainframes and the business processes that depend on them are of both higher criticality and sensitivity relative to other environments. Personnel employed to perform mainframe audits receive only moderate training in technical mainframe skills, with only 21% of poll respondents indicating auditors in their environment receive mainframe-specific technical training at least annually.

“ISACA commits to helping practitioners and their organizations understand more about this promising guidance, and how to implement it practically and effectively,” Clyde said.

Clyde's guidance is the subject of an ISACA Now blog post. See the full survey analysis.


ISACA compiled data from 1,426 responses to the online pulse poll conducted 9-13 August 2017. Participants were audit and security professionals in organizations with at least 5,000 employees. Survey respondents were contacted via email; the survey instrument was open for just over four days, with a margin of error of 2.4%.



Nearing its 50th anniversary, ISACA is a global association helping individuals and enterprises achieve the positive potential of technology. Today's world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 215 chapters and offices in both the United States and China.

Facebook: www.facebook.com/ISACAHQ
