Kansas Audit Reveals Questions and Lack of Implementation

By: Awareity
On: July 14, 2009

In July 2009, the State of Kansas Legislative Division of Post Audit released a new Computer Security Audit Report providing an overview of computer and network security for five state agencies. The audit found weak password controls and missing security patches for servers, and 39 percent of one unnamed agency’s passwords were cracked within five minutes using free software that can be easily downloaded from the Internet.

To breach an agency’s passwords, hackers scan for vulnerable servers that may not have the latest security patches applied, locate an encrypted list of passwords they can copy, and then use password-cracking software to reveal users’ passwords.

Both of the primary weaknesses targeted in this audit – server patches and weak passwords – reveal how a lack of implementation creates critical gaps that can lead to expensive and embarrassing incidents.

Just because an agency or organization has policies in a binder or on an intranet does not mean that the policies and procedures are implemented.

The last line of the article was quite insightful regarding the importance of implementation:

“Even the agency that had relatively strong policies and settings had 35 percent of its passwords cracked within five minutes.”

Lesson Learned: Just because an agency or organization has policies and does once-a-year general training does not mean the policies are implemented. People (managers, employees, IT personnel, partners, contractors, vendors, etc.) must understand and accept responsibility for implementing policies so they can become a layer of security rather than a gap in your security.
