Mistake #3: Exposing passwords to others, such as by logging in from a public computer, keeping a note with passwords written on it where it can be found, or sharing passwords with others.
Remedy #3: Avoid the use of public computers and public access networks, if possible. If there is a need to use them, do not send or receive private, sensitive, or confidential information, and change the password afterward. Store passwords in an encrypted file or password manager and avoid sharing passwords.
  • Install software patches, updates, and hot fixes in a timely manner to close security holes and potential vulnerabilities. The goal is to implement a robust software patch management process, which is important in reducing vulnerabilities in an information system. Because patches greatly affect the secure configuration of an information system, the patch management process should be integrated into configuration management at a number of points, as follows:
    • Perform security impact analysis of patches
    • Test and approve patches as part of the configuration change control process
    • Update baseline configurations to include current patch level
    • Assess patches to ensure they were implemented properly
    • Monitor systems/components for current patch status
  • Understand zero-day exploits and zero-day incidents (attacks). Zero-day exploits (i.e., actual code that can use a security vulnerability to carry out an attack) are used or shared by attackers before the software vendor fixes the vulnerabilities they target. A zero-day ...
