This Process Street privileged password management process is engineered to provide protected access to sensitive data in a controlled and monitored manner.
When there is sufficient reason for a staff member to have access to sensitive data they request access and the process begins. The risk manager, or other person running this process, then verifies their request for access to the data.
The password for the account is given to the requesting staff member and they utilize the information as necessary. Once the access is no longer needed, the risk manager creates a new password for the information and stores it securely for future need.
This process aims to adhere to the highest standards of security in managing this information. However, you can adapt and edit this template to fit your specific needs and purposes by adding it to your Process Street account.
Having a strong privileged password management process in place is a vital part of securing your data. This is important for company performance, fighting brand damage, and providing safety for your clients or end users. Sufficient levels of security can often be required by law depending on the nature of the data you have stored and the industry your organization operates within.
There are two areas of risk when assessing password security:
- Technical risk
- Human risk
This process recommends using strong and well-constructed passwords to fight the technical risk, while also working on the basis that your sensitive data is stored separately to your main body of information.
These are both ways to reduce technical risk and further steps are covered by other processes within this IT security process pack.
However, the most common problem within security systems is often not technical, but human. These human errors don't always need to be malicious to cause serious harm. Intentional leaks or defrauding of companies and other organizations do occur by people within those organizations, but they are not a highly common occurrence.
As the rest of the processes in this pack also demonstrate, the danger is presented by both technical and human risks operating together. A staff member utilizing a weak password across their personal and work accounts while also having access to all company data is a failure on both fronts. This is where vulnerabilities can very easily appear.
This process tries to make sure there are accountable steps in place for the accessing of sensitive data and that by running the process we can create a log of who had access, when they had access, and who authorized that access.
Within the Process Street platform, each process run from a template creates an entry in the template overview section. This means that all data entered into the form fields of this checklist will automatically be stored for future reference.
You can backup this data by downloading it periodically as a CSV file if you wish to maintain independent logs.
Password management is a crucial part of running a large organization and is the cornerstone of security policy.
If you think we're overstating it, you think only idiots use "password", or you think tech savvy people are generally not going to create risks for you or your company...
Take a look at the password of four-star general and former CIA and NSA director General Michael Hayden: