Where is that locked cabinet? If it's located in the same facility as the system, it might not do any good in a DR situation if the building is inaccessible.

If you use an off-site storage vendor like Iron Mountain or Recall (more for document storage than media storage), store the envelope with them. That way, retrieving the password takes effort (and possibly cost) and an audit trail of who requested the envelope will be generated. Have the envelope 'expire' as often as the password changes.

John A. Jones, CISSP
Americas Information Security Officer
Jones Lang LaSalle, Inc.
V: +1-630-455-2787 F: +1-312-601-1782
john.jones@xxxxxxxxxx

-----Original Message-----
From: Dave Snyder [mailto:Dsnyder@xxxxxxxxxx]
Sent: Thursday, February 24, 2005 8:10 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Passwords

We are reviewing our policy for maintaining "high-power" user passwords in a secure location, like for QSECOFR. Right now we maintain the password in a locked cabinet in an envelope that we replace each time the password changes. If the seal was broken we know the password was compromised.

Does anyone have other ideas on how to maintain passwords of users that have great authority, especially for disaster recovery purposes, and also an easy way to change them periodically?

Dave