Intelligent CIO Europe Issue 30 | Page 61

INFOGRAPHIC “ TO MITIGATE RISK AND EVOLVE YOUR POLICY AS NEEDED YOU SHOULD CONTINUOUSLY ANALYSE PRIVILEGED PASSWORD, USER AND ACCOUNT BEHAVIOUR. use of the password from a centralised password safe. Bring SSH keys under management NIST IR 7966 offers guidance for businesses, government organisations and auditors on proper security governance for SSH implementations that include recommendations around SSH key discovery, rotation, usage and monitoring. Utilise threat analytics To mitigate risk and evolve your policy as needed you should continuously analyse privileged password, user and account behaviour and be able to identify anomalies and potential threats. Automate workflow management While you can certainly build your own internal rule sets to trigger alerts and apply some policies around password management, third-party solutions provide robust capabilities that can streamline and optimise the entire password management life cycle. As with any IT security and governance project, start with a scope. • INTELLIGENTCIO 31