Data Location: Server
-
Use strong passwords
—
by
Use strong passwords. Change authentication keys e.g., password, certificate, regularly – at least annually.
-
Unique user accounts
—
by
Create a unique, non-privileged, account for each user. Assign a different password for user and administrative accounts.
-
Patch notification
—
by
Stay informed of available patches for your operating system and applications.
-
Limit access
—
by
Information is accessible only for authorized purposes and shared only with those authorized to receive it.
-
Review user access
—
by
Review which user accounts have access to information at this level regularly – at least annually.
-
Revoke permissions
—
by
Revoke permissions when a user no longer needs access to information (e.g., upon project completion or job change).
-
Security responsibilities training
—
by
Train all users with access to ensure understanding of their responsibilities with regard to handling information.
-
Automatic software updates
—
by
Configure automatic download and application of software and operating system updates.