INFOGRAPHIC
“
TO MITIGATE
RISK AND EVOLVE
YOUR POLICY
AS NEEDED
YOU SHOULD
CONTINUOUSLY
ANALYSE
PRIVILEGED
PASSWORD, USER
AND ACCOUNT
BEHAVIOUR.
use of the password from a centralised
password safe.
Bring SSH keys under management
NIST IR 7966 offers guidance for
businesses, government organisations and
auditors on proper security governance
for SSH implementations that include
recommendations around SSH key discovery,
rotation, usage and monitoring.
Utilise threat analytics
To mitigate risk and evolve your policy as
needed you should continuously analyse
privileged password, user and account
behaviour and be able to identify anomalies
and potential threats.
Automate workflow management
While you can certainly build your own
internal rule sets to trigger alerts and
apply some policies around password
management, third-party solutions provide
robust capabilities that can streamline and
optimise the entire password management
life cycle. As with any IT security and
governance project, start with a scope. •
INTELLIGENTCIO
31