
Microsoft’s Security Study & How Regulations Can Hinder Security Advances | Sword & Shield Enterprise Security, Inc.

To what extent are you able to make life easier for your users, or to innovate in your security policies, before you run up against regulations?

Cormac Herley, a principal researcher for Microsoft, published a study last year that, among other things, finds that changing passwords adds no real value from a risk or security standpoint. Herley focuses heavily on the cost-benefit trade-off of regularly changing passwords (and its negative effect on productivity) versus the cost associated with password compromises.

Herley’s study gives some much-needed attention to an opinion many of us in the security industry have been expressing for years: much of the old security advice that has been handed down for 20 or 30 years is either no longer relevant, or was never effective to begin with.

via Microsoft’s Security Study & How Regulations Can Hinder Security Advances | Sword & Shield Enterprise Security, Inc.