From f58d71de631cfc9401c5e0b4bc31b53ca4cc80d0 Mon Sep 17 00:00:00 2001 From: Durgaghallay Date: Fri, 23 Sep 2022 19:51:24 +1000 Subject: [PATCH 1/2] docs:updated password guide This is a password guide for Thoth Tech. --- .../Password Guideline.md | 39 ++++++++++++++++++ .../# Updated Thoth Tech Password Guide.md | 40 +++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 docs/processes/Cybersecurity Guidelines/Password Guideline.md create mode 100644 docs/processes/cyber-security-guidelines/# Updated Thoth Tech Password Guide.md diff --git a/docs/processes/Cybersecurity Guidelines/Password Guideline.md b/docs/processes/Cybersecurity Guidelines/Password Guideline.md new file mode 100644 index 0000000..1d0eef7 --- /dev/null +++ b/docs/processes/Cybersecurity Guidelines/Password Guideline.md 
@@ -0,0 +1,39 @@ +# Thoth Tech Password Guide +## Purpose +This guide has been created to help Thoth Tech members create a positive, secure password culture. It does not aim to be comprehensive and offers general advice on password management. +Background +A password aids in preventing unauthorised access, but if it is revealed, it is no longer an effective defence. As Chaudhary (2022) mentioned, “Cybersecurity plays a crucial role within the field of the digital world. Securing information and data has become one of the most critical challenges in the present day”. +Every organisation must have documented Security Guidelines to mitigate the risks in this ever-evolving threat landscape. +It is necessary to ensure each person is whom they claim to be (authentication), usually by checking the user ID and password they enter. It allows them to access only the data they’re allowed to use (authorisation). +Instructions +Thoth tech requires that passwords adhere to the following factors: +- Passwords should include a variety of symbols. They should have at least one number, both uppercase and lowercase letters, and one or more special characters +- It should not contain your personal information — specifically, your real name, username, student ID, etc. +- Reset admin passwords every 180 days. For example, Admin OnTrack accounts Admin Splashkit accounts, DreamBig admin accounts etc. +- Passwords cannot be used from the previous five passwords. +- All online and desktop accounts must change at least every six months. For example, GitHub, Teams, Trello, Miro, DockerHub, LucidChart +- The password should be changed in the case of a potential threat or suspected unauthorised access. + +The following passwords are discouraged: +- Easy-to-guess passwords, especially the phrase "password." 
+- A string of numbers or letters like “1234” or “abcd.” +- A series of characters appear sequentially on the keyboard, like “@#$%^&.” +- A user’s given name, the name of a spouse or partner, or other names +- The user’s phone number or license plate number, anybody’s birth date, or additional information easily obtained about a user (e.g., address or alma mater) +- The same character typed multiple times, like “zzzzzz.” +- Words that can be found in a dictionary +- Default or suggested passwords, even if they seem strong +- Usernames or host names used as passwords +- Passwords that form a pattern by incrementing a number or character at the beginning or end + +## Account Management: +This policy aims to establish a precise procedure for setting up, managing, and deleting accounts that permit access to Thoth Tech's information. In Thoth Tech, we use Miro, Trello, Microsoft Teams, Docker hub, lucid chart etc. The top system administrator, like the leaders, has control and management roles in creating, editing, and maintaining group access. Credentials dedicated to users' access are identified, and data security bridging is controlled. + + + +### References: +1. Cukier, Michel. “Hackers Attack Every 39 Seconds.” Security Magazine RSS, Security Magazine, 24 May 2020, https://www.securitymagazine.com/articles/ 87787-hackers-attack-every-39-seconds. +2. Chaudhary, Varsha, “Cyber Security Policy” 22 Feb. 2022, Cyber Security Policy - GeeksforGeeks +3. https://www.quest.com/solutions/active-directory/what-is-active-directory.aspx + + diff --git a/docs/processes/cyber-security-guidelines/# Updated Thoth Tech Password Guide.md b/docs/processes/cyber-security-guidelines/# Updated Thoth Tech Password Guide.md new file mode 100644 index 0000000..f311ae0 --- /dev/null +++ b/docs/processes/cyber-security-guidelines/# Updated Thoth Tech Password Guide.md 
@@ -0,0 +1,40 @@ +# Thoth Tech Password Guide +## Purpose +This guide has been created to help Thoth Tech members create a positive, secure password culture. It does not aim to be comprehensive and offers general advice on password management. + +## Background +A password aids in preventing unauthorised access, but if it is revealed, it is no longer an effective defence. As Chaudhary (2022) mentioned, “Cybersecurity plays a crucial role within the field of the digital world. Securing information and data has become one of the most critical challenges in the present day”. +Every organisation must have documented Security Guidelines to mitigate the risks in this ever-evolving threat landscape. +It is necessary to ensure each person is whom they claim to be (authentication), usually by checking the user ID and password they enter. It allows them to access only the data they’re allowed to use (authorisation). +Instructions +Thoth tech requires that passwords adhere to the following factors: +- Passwords should include a variety of symbols. They should have at least one number, both uppercase and lowercase letters, and one or more special characters +- It should not contain your personal information — specifically, your real name, username, student ID, etc. +- Reset admin passwords every 180 days. For example, Admin OnTrack accounts Admin Splashkit accounts, DreamBig admin accounts etc. +- Passwords cannot be used from the previous five passwords. +- All online and desktop accounts must change at least every six months. For example, GitHub, Teams, Trello, Miro, DockerHub, LucidChart +- The password should be changed in the case of a potential threat or suspected unauthorised access. + +The following passwords are discouraged: +- Easy-to-guess passwords, especially the phrase "password." 
+- A string of numbers or letters like “1234” or “abcd.” +- A series of characters appear sequentially on the keyboard, like “@#$%^&.” +- A user’s given name, the name of a spouse or partner, or other names +- The user’s phone number or license plate number, anybody’s birth date, or additional information easily obtained about a user (e.g., address or alma mater) +- The same character typed multiple times, like “zzzzzz.” +- Words that can be found in a dictionary +- Default or suggested passwords, even if they seem strong +- Usernames or host names used as passwords +- Passwords that form a pattern by incrementing a number or character at the beginning or end + +## Account Management: +This policy aims to establish a precise procedure for setting up, managing, and deleting accounts that permit access to Thoth Tech's information. In Thoth Tech, we use Miro, Trello, Microsoft Teams, Docker hub, lucid chart etc. The top system administrator, like the leaders, has control and management roles in creating, editing, and maintaining group access. Credentials dedicated to users' access are identified, and data security bridging is controlled. + + + +### References: +1. Cukier, Michel. “Hackers Attack Every 39 Seconds.” Security Magazine RSS, Security Magazine, 24 May 2020, https://www.securitymagazine.com/articles/ 87787-hackers-attack-every-39-seconds. +2. Chaudhary, Varsha, “Cyber Security Policy” 22 Feb. 2022, Cyber Security Policy - GeeksforGeeks +3. https://www.quest.com/solutions/active-directory/what-is-active-directory.aspx + + From 7481b0188c837422f64b459836638a97d7fe1d47 Mon Sep 17 00:00:00 2001 
From: Durgaghallay Date: Fri, 23 Sep 2022 20:04:26 +1000 Subject: [PATCH 2/2] docs:delete old copy of password guide This is the deleted file. --- docs/processes/.DS_Store | Bin 0 -> 8196 bytes .../Password Guideline.md | 39 ------------------ .../cyber-security-guidelines/.DS_Store | Bin 0 -> 6148 bytes 3 files changed, 39 deletions(-) create mode 100644 docs/processes/.DS_Store delete mode 100644 docs/processes/Cybersecurity Guidelines/Password Guideline.md create mode 100644 docs/processes/cyber-security-guidelines/.DS_Store diff --git a/docs/processes/.DS_Store b/docs/processes/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..3013d64b1606b5e22117a4560d6d431ec0835623 GIT binary patch literal 8196 zcmeHM-HOvd82x6q?xrjY6%|@U2za}$tz8Ati(2c2;Ds1bL8T^5?G}?vZBolp3%ylu z^Z|SZZ+!qCzzgwR1VPXIY;D@z(ybs1&cMu>%zWpYnKPNBUrI!*+Ve|9c_Olq1?DzT z9FRo6$TMk0x10hp@QGZCXpb%sr_PMEX)p>H1&jhl0i%FX;5aCNceY5@A@6=-}DXoLEJnDUAX~fmsDa?0%LSh}c8K?33|(le)N0sExje zVnp>V>fy?#CT+voza8*~7jO?A#G$)^y!}fi)QAf3xuoAlzU+kGsq?sFb^ z`*qiQ&~EnYxzjg!l(_Av*_DL0--OANhwaGc{VMN8ek{3;>aem_ww}um2BmU&%ig(M z9B$cztCxzXm#++mS?kRCi`VYeUj$*q-%7QJ=?5Eas_Sw24z(q;eC2ebfJZH`h38G| z8<#r}Lg@&5Fy7m=>g*h>C--p&FDHRr;6 zG3S%?5@*FFaWd3tadCoTd49whZBTP+*M3Z`WC0JU_0gM0i;bIJH90@kE-o-$T8pDF zQwq^np^$n13l&T<3M{X{s-osa{D154@BhmWV3R(NkJjQai9#xf#W|6QMX|#I2DZ}g=j%C9|EKdrZ5WpQw4qlw3H;t literal 0 HcmV?d00001 diff --git a/docs/processes/Cybersecurity Guidelines/Password Guideline.md b/docs/processes/Cybersecurity Guidelines/Password Guideline.md deleted file mode 100644 index 1d0eef7..0000000 --- a/docs/processes/Cybersecurity Guidelines/Password Guideline.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# Thoth Tech Password Guide -## Purpose -This guide has been created to help Thoth Tech members create a positive, secure password culture. It does not aim to be comprehensive and offers general advice on password management. -Background -A password aids in preventing unauthorised access, but if it is revealed, it is no longer an effective defence. As Chaudhary (2022) mentioned, “Cybersecurity plays a crucial role within the field of the digital world. Securing information and data has become one of the most critical challenges in the present day”. -Every organisation must have documented Security Guidelines to mitigate the risks in this ever-evolving threat landscape. -It is necessary to ensure each person is whom they claim to be (authentication), usually by checking the user ID and password they enter. It allows them to access only the data they’re allowed to use (authorisation). -Instructions -Thoth tech requires that passwords adhere to the following factors: -- Passwords should include a variety of symbols. They should have at least one number, both uppercase and lowercase letters, and one or more special characters -- It should not contain your personal information — specifically, your real name, username, student ID, etc. -- Reset admin passwords every 180 days. For example, Admin OnTrack accounts Admin Splashkit accounts, DreamBig admin accounts etc. -- Passwords cannot be used from the previous five passwords. -- All online and desktop accounts must change at least every six months. For example, GitHub, Teams, Trello, Miro, DockerHub, LucidChart -- The password should be changed in the case of a potential threat or suspected unauthorised access. - -The following passwords are discouraged: -- Easy-to-guess passwords, especially the phrase "password." 
-- A string of numbers or letters like “1234” or “abcd.” -- A series of characters appear sequentially on the keyboard, like “@#$%^&.” -- A user’s given name, the name of a spouse or partner, or other names -- The user’s phone number or license plate number, anybody’s birth date, or additional information easily obtained about a user (e.g., address or alma mater) -- The same character typed multiple times, like “zzzzzz.” -- Words that can be found in a dictionary -- Default or suggested passwords, even if they seem strong -- Usernames or host names used as passwords -- Passwords that form a pattern by incrementing a number or character at the beginning or end - -## Account Management: -This policy aims to establish a precise procedure for setting up, managing, and deleting accounts that permit access to Thoth Tech's information. In Thoth Tech, we use Miro, Trello, Microsoft Teams, Docker hub, lucid chart etc. The top system administrator, like the leaders, has control and management roles in creating, editing, and maintaining group access. Credentials dedicated to users' access are identified, and data security bridging is controlled. - - - -### References: -1. Cukier, Michel. “Hackers Attack Every 39 Seconds.” Security Magazine RSS, Security Magazine, 24 May 2020, https://www.securitymagazine.com/articles/ 87787-hackers-attack-every-39-seconds. -2. Chaudhary, Varsha, “Cyber Security Policy” 22 Feb. 2022, Cyber Security Policy - GeeksforGeeks -3. https://www.quest.com/solutions/active-directory/what-is-active-directory.aspx - - diff --git a/docs/processes/cyber-security-guidelines/.DS_Store b/docs/processes/cyber-security-guidelines/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..90d07aa1f76e8d9582f71f1a6a3fb202167d89ab GIT binary patch literal 6148 zcmeHK%Sr<=6g|-{3Lt5R#TCqB!7Ps?9exjcH@G&?P+=$4% zLvn6%A4v{O9sts4RUQHZ0DTt0Bua-!cc*E?oduKTC~<`+R49?%_SZq?zK=c5_X78v z_vid4SfJ)=7PL*crkQGI^myd=OxuI5^8_ngQ>!q
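Review bot: in PATCH 1/2, the hunk creating `docs/processes/Cybersecurity Guidelines/Password Guideline.md` adds a near-duplicate of the file the same commit creates under `docs/processes/cyber-security-guidelines/`, and PATCH 2/2 deletes it again with the same blob (`index 1d0eef7..0000000`), so the two-patch series nets out to one file; squash them so the history adds the guide once, under one directory. This copy also has `Background` and `Instructions` as bare lines between `## Purpose` and `## Account Management:`, so they render as paragraph text rather than section headings.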
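Review bot: in the hunk creating `docs/processes/cyber-security-guidelines/# Updated Thoth Tech Password Guide.md`, the Instructions list fixes character classes, a five-password history and rotation intervals but never states a minimum length, which is the requirement with the largest effect on guessing resistance; add an explicit minimum (for example 12 or more characters, or a longer passphrase) ahead of the composition bullets. Two items then need reconciling: `- Words that can be found in a dictionary` forbids multi-word passphrases, and the six-month change for all accounts plus the 180-day admin reset are forced rotations that NIST SP 800-63B advises against (along with mandatory composition rules) in favour of changing on evidence of compromise, which the list already requires in `- The password should be changed in the case of a potential threat or suspected unauthorised access.` Smaller points in the same hunk: `Instructions` is a bare line where `## Background` directly above it uses a heading; the filename begins with `# `, which is awkward on the command line and inconsistent with `Password Guideline.md`; the Account Management sentence `data security bridging is controlled` does not say what is controlled; and references 1 and 3 are never cited in the text while the URL in reference 1 contains a space (`articles/ 87787`).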
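Review bot: PATCH 2/2 commits two macOS Finder metadata files, `docs/processes/.DS_Store` (8196 bytes) and `docs/processes/cyber-security-guidelines/.DS_Store` (6148 bytes), alongside the deletion of the old guide; they carry no project content and will churn on every commit made from a Mac. Remove them from the commit (`git rm --cached docs/processes/.DS_Store docs/processes/cyber-security-guidelines/.DS_Store`) and add `.DS_Store` to `.gitignore` so they cannot come back.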