Structured using Information Shield’s “Best Practices Security Policy Template,” Thycotic has created a guide that any organization can use to put in place a privileged account management policy. It contains over 40 pre-written information security statements that can be quickly and easily customized to fit any organization’s governance requirements. After adding organization-specific information, the template serves as the official Privileged Password Policy instructing privileged password users of specific company requirements and informing auditors and security officers of compliance with applicable regulations.
“Privileged passwords represent some of the highest security risks for any organization and are often poorly protected,” said Nathan Wenzler, Executive Director of Security at Thycotic. “This is problematic, given that they are frequently used by IT and application administrators to gain access to computing tasks requiring high permissions. The first step for management seeking to adequately protect privileged passwords is to create an official corporate policy informing users of specific company requirements.”
The Privileged Password Security Policy Template is designed to allow organizations to be fully compliant with current security standards without the need to research and interpret them. The template is based on the latest security standards from recognized standards bodies; therefore, using this security policy template allows organizations to automatically be compliant with current security regulations from ISO and NIST as well as industry specific standards such as HIPAA, PCI, GLBA, and SOX.
“Privileged accounts are one of the great hidden vulnerabilities in modern IT organizations,” said President of Information Shield, David Lineman. “Thycotic is able to help organizations do something previously not possible – identify and manage them. Our Privileged Account Management Policy represents the most robust set of controls available for password and account management. Combining our best-practices policy with Thycotic enforcement is a major step forward.”
Creating an official password policy is just the first step in securing these valuable assets. For most organizations, enforcing the policy is the more difficult task. It takes countless administrative hours to find all needed passwords, change them according to a schedule and secure them in a central repository, even with the help of tools and scripts. Missing a few privileged passwords still exposes the organization to breaches, and not changing them according to recommended guidelines increases their exposure over time.
Automatically enforcing privileged password security policy is what Thycotic’s Secret Server does. Thycotic Secret Server supports the best practices of industry standard security policies such as discovering and placing all privileged passwords in a secure vault, automatically changing passwords, providing logs and recordings of privileged password usage, obscuring passwords from users and programs, and providing onetime password usage automation.
Thycotic, a global leader in next-generation IT security solutions, delivers an indispensable, comprehensive Privileged Account Management (PAM) solution to protect your “keys to the kingdom” from cyber-attacks and insider threats. Unlike any other security offering, Thycotic Secret Server assures the protection of privileged accounts while being the fastest to deploy, easiest to use, exceptionally scalable enterprise-class solution offered at a competitive price. Already securing privileged account access for more than 3,000 organizations worldwide, including Fortune 500 enterprises, Thycotic Secret Server is simply your best value for PAM protection.
About Information Shield
Information Shield provides time-saving products and services to help build, update and maintain information security policies. Information Shield’s Common Policy Library (CPL) contains over 1600 pre-written information security policy templates covering all aspects of information security. Based in Houston, Texas, Information Shield has over 10,000 satisfied customers in 60 countries.