infographic
You should
continuously analyse
privileged password,
user and account
behaviour.
Bring SSH keys
under management
NIST IR 7966 offers guidance for
businesses, government organisations and
auditors on proper security governance
for SSH implementations that include
recommendations around SSH key
discovery, rotation, usage and monitoring.
Utilise threat analytics
To mitigate risk and evolve your policy as
needed you should continuously analyse
privileged password, user and account
behaviour and be able to identify
anomalies and potential threats.
Automate workflow management
While you can certainly build your own
internal rule sets to trigger alerts and
apply some policies around password
management, third-party solutions provide
robust capabilities that can streamline and
optimise the entire password management
life cycle. As with any IT security and
governance project, start with a scope. u
www.intelligentciso.com | Issue 26
23