ABSTRACT
It is this set of policies that became the more difficult
to assess and to ensure compliance with, despite its
corporate-wide distribution.
This split is not atypical today. The responsibility for
administering passwords and user credentials is often part
of the technology area. In some cases, these responsibilities
may even go to a network help desk for administration.
There may be nothing wrong with this approach, but the
measurement of compliance with policy is often overlooked
in this case. The security administrator is measured
by things like password resets and log-in failures, but who
is measuring why those passwords need to be reset and who
is responding to any audits of the strength and quality of the
passwords?