Kansas Audit Reveals Questions and Lack of Implementation

By: Awareity
On: July 14, 2009

A new Computer Security Audit Report was released by the Legislative Division of Post Audit, State of Kansas, in July 2009, providing an overview of computer and network security for five state agencies. The audit found weak password controls and missing security patches for servers. At one unnamed agency, 39 percent of passwords were cracked within five minutes using free software that can be easily downloaded from the Internet.

To breach an agency’s passwords, hackers scan for vulnerable servers that may not have the latest security patches applied, locate an encrypted list of passwords they can copy, and then use password-cracking software to reveal users’ passwords.

Both of the primary weaknesses targeted in this audit – server patches and weak passwords – reveal how a lack of implementation creates critical gaps that can lead to expensive and embarrassing incidents.

Just because an agency or organization has policies in a binder or on an intranet does not mean that the policies and procedures are implemented.

The last line of the article was quite insightful regarding the importance of implementation, stating:

“Even the agency that had relatively strong policies and settings had 35 percent of its passwords cracked within five minutes.”

Lesson Learned: Just because an agency or organization has policies and does once-a-year general training does not mean the policies are implemented. People (managers, employees, IT personnel, partners, contractors, vendors, etc.) must understand and accept responsibility for implementing policies so they can become a layer of security rather than a gap in your security.
