Let’s examine the use of two-factor authentication by all remote users and by system administrators.
Every organization subject to PCI DSS is required to complete an annual compliance demonstration and regular security tests. One of these tests is called a “penetration test,” and it offers some useful insight into how and why PCI DSS works.
The real objective of a risk assessment is to help management make well-informed decisions about security safeguards that should be in place in the company.
Have a formal process for identifying and evaluating risks to your organization. As initiatives arise and the IT environment changes, assess the risks and seek ways to publicize them to your company executives.
The way Group Policy stores and secures passwords can leave you vulnerable. Make sure you know about this Group Policy security issue.