Kansas Audit Reveals Questions and Lack of Implementation

By: Awareity
On: July 14, 2009

A new Computer Security Audit Report was released in July 2009 by the State of Kansas Legislative Division of Post Audit, providing an overview of computer and network security for five state agencies. The audit found weak password controls and missing security patches on servers. At one unnamed agency, 39 percent of passwords were cracked within five minutes using free software that can be easily downloaded from the Internet.

To breach an agency’s passwords, hackers scan for vulnerable servers that may not have the latest security patches applied, locate and copy the encrypted list of passwords stored there, and then use password-cracking software to reveal users’ passwords.

Both of the primary weaknesses targeted in this audit, server patches and weak passwords, reveal how a lack of implementation creates critical gaps that can lead to expensive and embarrassing incidents.

Just because an agency or organization has policies in a binder or on an intranet does not mean that the policies and procedures are implemented.

The last line of the article was quite insightful regarding the importance of implementation, stating:

“Even the agency that had relatively strong policies and settings had 35 percent of its passwords cracked within five minutes.”

Lesson Learned: Just because an agency or organization has policies and does once-a-year general training does not mean the policies are implemented. People (managers, employees, IT personnel, partners, contractors, vendors, etc.) must understand and accept responsibility for implementing policies so they can become a layer of security rather than a gap in your security.
