Názor k článku Regulace podle NIS2: Řízení rizik počítá s analýzou logů, pomohou nástroje SIEM od Danny - To rikaji jen ti, co vubec nesleduji trendy......
-
To rikaji jen ti, co vubec nesleduji trendy... ale co uz, Cesko, respektive nekteri radoby-bezpecaci holt mentalne zamrzli ve stoleti pary :-) Neverite?
https://www.ncsc.gov.uk/collection/passwords/updating-your-approach
https://www.packetlabs.net/posts/periodic-password-changes/
https://arstechnica.com/information-technology/2019/06/microsoft-says-mandatory-password-changing-is-ancient-and-obsolete/
https://gkaccess.com/why-password-change-requirements-are-bad/
https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2016/03/time-rethink-mandatory-password-changes
https://www.getanp.com/blog/5/why-forcing-frequent-password-changes-is-actually-harmful-for-security.phpNavic i ten NIST jste si precetl blbe, cituji z clanku 5.1.1.2 NIST SP 800-63B:
Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.SHOULD NOT znamena, ze byste to delat nemel... a spousta tech odkazanych textu vyse to narozdil od vas reflektuje... :D
ČLÁNKY DO MAILU