Tightening the belt
- By Heather Harreld
- Aug 07, 2000
A closer look at Kansas' Department of Administration's security policy
In making the determination to use data and file encryption, the following
risks should be considered:
* Loss of state funds.
* Violation of individual expectations of privacy.
* Violation of state or federal law.
* Civil liability on the part of Department of Administration.
* Compromise of legal/investigative efforts.
* Loss of business opportunities for affected persons.
* Undue advantage to any person in the department's competitive business
Passwords must be:
* Individually owned.
* Kept confidential.
* Changed whenever disclosure has occurred or may have occurred, and
changed at least every 30 days.
* Changed significantly (i.e., not a minor variation of the current
* A minimum of six characters, using alphanumeric characters.
* Encrypted when held in storage or when transmitted over communications
* Suspended after no more than three unsuccessful log-on attempts.
* Limited to one use when initially issued or when reset or reissued
by security administration personnel.