> From: Hilal Hussein [mailto:[EMAIL PROTECTED]
>
> 1-For the Password Policy, i got lots of documents from the
> net, and i came
> out with two policies, one for "the creation of strong passwords, the
> protection of those passwords, and the frequency of change"
> and the other is
> for "how to write down passwords and seal them in an
> envelope, how to store
> them and retrieve them appropriately".
> Q1: do I have to keep it two policies or it is perferable to
> merge both in one document?
I prefer "THE Password Policy" to "Which password policy covers
this?"
I would, however, add a third section that deals with sharing /
revealing / cracking of passwords. Make it clear (a) that cracking
is not allowed, (b) that sharing is not allowed, and that (c) unless
their is reason to believe that a *strong* (back to one of your existing
pieces) password was cracked, the account's user of record will be held
accountable for all use made.
David Gillett
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
