#38225
11/22/2011 6:53 PM
Joined: Oct 2007
Posts: 98
Member
OP
I have a question about what is needed for an internal audit for security measures. I have enabled frequent password changes for Amazing Charts and the Windows network (domain). The server is located in a locked room. The wireless network code is 13 digits. What other measures should be taken to meet the requirements for an internal audit of security measures?
Joined: Apr 2010
Posts: 1,546 Likes: 1
Member
Ted, although others know much more about the specifics of your question, I'd like to put in my two cents' worth regarding the pitfalls of excessive security zealotry. We have a few systems that we periodically use that require frequent password changes, non-dictionary, numbers and characters, etc. The end result is that the passwords get written down and posted near the computer of the user. IT people seem to forget the human factors aspect of security.
David Grauman MD Department of Medicine Commonwealth Health Center Saipan, Northern Mariana Islands
Joined: Dec 2009
Posts: 1,197 Likes: 8
Member
To make passwords easier, use passphrases. In Windows, set the password policy to require 14-character-long passwords, turn off complexity requirements, and allow the users to make up a phrase.
My dog has fleas01
I hate passwords04
My business rocks04
When it is time to change the password, increment the number at the end.
I have found this approach improves security and gets people out of writing passwords down.
JamesNT
Joined: Apr 2010
Posts: 1,546 Likes: 1
Member
James, I will differ with you. By the time I have gotten to "Hermione13" it is impossible to remember what iteration I am on. So, I write it down.
I think that security for its own sake tends to get way out of hand. We are not talking about plans for weapons of mass destruction, here. I have a reasonable right to privacy, but the world will not end if my neighbor finds I am taking lisinopril. Yes, yes, I know all about what the government thinks is necessary. It also thinks I am delivering suboptimal care if I don't parse my patient's ethnicity to tiny increments. I have no plans to act illogically because a bureaucratic committee thinks it is important.
David Grauman MD Department of Medicine Commonwealth Health Center Saipan, Northern Mariana Islands
Joined: Feb 2005
Posts: 2,002
Member
David, if you are doing MU at all, you are acting illogically 
Leslie Hospital Employed Physician Who Misses The Old AC
"It's a good thing for a doctor to have prematurely grey hair and itching piles. It makes him appear to know more than he does and gives him an expression of concern which the patient interprets as being on his behalf."