Possword Policy
Version: 2.0.
Policy Code:
DICT-QAP086
date:05/02/2024
Document Control
Executive Summary
Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in a compromise of IAU entire network. The purpose of having a password policy is to ensure a more consistent measure of security for IAUs’ network and the information it contains. The implementation of this policy will better safeguard the personal and confidential information of all individuals and organizations affiliated, associated, or employed by the University. Additionally, this policy establishes a standard for creation of strong passwords, the protection of those passwords, and the frequency of change of passwords.
Introduction
The following are the objectives of the policy:
1. Defend against unauthorized access of Elcen Metal Products Co that could result in a compromise of personal or institutional data
2. Ensure that Elcen Metal Products Co resources are used in an appropriate fashion, and support the company’s
Elcen Metal Products Co
3. Encourage users to understand their own rights and responsibilities for protecting their passwords.
4. Protect the privacy and integrity of data stored on the company network.
Entities affected by this Policy
This policy applies to all persons who have, or are responsible for, an account on any system accessed on the Company network or computer systems.
Policy Statement
Guidelines & Procedures Statements
General Guidelines:
1. Passwords must be changed every 90 days. 2. All passwords must meet the definition of a Strong password described below in the strong password construction guidelines section.
3. Each successive password must be unique. Re-use of the same password will not be allowed. 4. Any temporary password will expire at 23:59:59 of the date issued. 5. A user account will be temporarily locked for three (3) minutes after 3 consecutive failed
logins:
a. Account Lockout Duration: 15 mins. b. Account Lockout Threshold: 3. c. Reset Account Lockout Counter: 30 mins.
6. The "reset password" process will be applied to users who logs in for the first time.
Poor, weak passwords have the following characteristics:
1. The password contains less than eight characters. 2. The password is a word found in a dictionary (English or foreign). 3. The password is a common usage word such as: a. Name of family, pets, friends, co-workers, fantasy characters, etc. b. Computer terms and names, commands, sites companies, hardware, software. c. Birthdays and other personal information such as addresses and phone numbers. d. Word or number patterns like aaabbb, 111222, zyxwvts, 4654321, etc. e. Any of the above spelled backward like fesuoy, damha, etc. f. Any of the above preceded or followed by a digit (e.g., secret1, 1secret).
Strong Password Construction Guidelines:
1. Are at least eight alphanumeric characters long
2. Passwords do not contain user ID
3. Contain no more than two identical characters in a row and are not made up of all numeric or alpha characters
4. Contain at least three of the five following character classes:
a. Lower case characters b. Upper case characters c. Numbers d. “Special” characters (e.g. @#$%^&*()_+|~-=\`{}[]:";'<>/ etc) e. Contain at least eight alphanumeric characters.
Responsibilities of the User Statements
Users are responsible for assisting in the protection of the network and computer systems they use. The integrity and secrecy of an individual's password is a key element of that responsibility. Everyone has the responsibility for creating and securing an acceptable password per this policy. Failure to conform to these restrictions may lead to the suspension of rights to Company systems or other action as provided by Company Policy.
Policy Violation
Anyone who violate this policy will be subject to any or all the following actions: Suspension of the company internet account/access. The referral of the case to the company Legal Department along with supporting evidence for an appropriate action.
Conclusion
By enforcing the acceptable use policy, we aim to achieve the following outcomes:
1. Better informed university community regarding acceptable and unacceptable use of Elcen Metal Products Co Resources.
2. Responsible Elcen Metal Products Co , community regarding the value and use of Elcen Metal Products Co , resources.
Appendix
The following terms are used in this document: Access - Connection of Company, personal or third party owned devices to anna star Infrastructure facilities via a direct or indirect connection method. Authorized User - An individual who has been granted access to anna star services Expiration - Date at which password for access to company systems is required to be changed meeting strong password standards. Information Resources - Assets and infrastructure owned by, explicitly controlled by, or in the custody of the company including but not limited to data, records, electronic services, network services, software, computers, and Information systems.
References
1. Acceptable Use Policy
Key Features
Effective Sharing of Goals 92%
Great Teamwork 90%
Strong Leadership 98%
Understands Risks 87%
Clearly Defined Structure 97%
Contact Details
Sales Direct Contact :
+971585925029
Email:
info@elcen-metal.com
Email:
sales@elcen-metal.com
Elcen Metal Products Company
Elcen Metal Products FZ-LLC
FDRK3658 Compass Building,
Al Shohada Road, Al Hamra Industial Zone-FZ Ras Al Khaimah,
United Arab Emirates
About us
Elcen Metal Product is leading Trading and Service Provider and providing highly professional solutions around the globe.