Letter to the Editor
I've been trying since November of 2002 to get some simple security measures implemented. They are in the information technology use policy, but have never been enforced.
One of these is something as simple as password age. I have told my supervisor on three occasions since last November that I have identified passwords that are more than 365 days old. However, I have seen no move whatsoever to get these employees to change their passwords.
IT and security use policy and education lists security officer positions, but not people. People come to me for security issues, but I am not the security officer.
Name withheld by request