Tightening the belt

Featured eBooks
AI in the Workplace
Read Now

CX in Action

Read Now

Next Steps for CMMC

Read Now
By Heather Harreld

By Heather Harreld

|

A closer look at Kansas' Department of Administration's security policy

Related Links

"Security complex"

"Fixing a hole"

"Policies hinder uniting of nation's networks"

A closer look at Kansas' Department of Administration's security policy

In making the determination to use data and file encryption, the following

risks should be considered:

* Loss of state funds.

* Violation of individual expectations of privacy.

* Violation of state or federal law.

* Civil liability on the part of Department of Administration.

* Compromise of legal/investigative efforts.

* Loss of business opportunities for affected persons.

* Undue advantage to any person in the department's competitive business

relations.

Passwords must be:

* Individually owned.

* Kept confidential.

* Changed whenever disclosure has occurred or may have occurred, and

changed at least every 30 days.

* Changed significantly (i.e., not a minor variation of the current

password).

* A minimum of six characters, using alphanumeric characters.

* Encrypted when held in storage or when transmitted over communications

networks.

* Suspended after no more than three unsuccessful log-on attempts.

* Limited to one use when initially issued or when reset or reissued

by security administration personnel.

NEXT STORY: Report: Income, not ethnicity, determines access