Procedural controls
Implementing technical controls improves your security posture, but if users bypass those controls or senior management does not adhere to them, their effectiveness is drastically reduced. This is where procedural controls are crucial.
Procedural controls define what employees’ responsibilities are and how they should behave when using the organization's systems. This improves overall security posture and helps with incident prevention. Procedural controls make technical controls more effective in the following ways:
- Enforcing password policies for the organization, including the following:
  - More than eight characters for the password.
  - At least one capital letter.
  - At least one lowercase letter.
  - A special character.
  - Banning common passwords even if they comply with the password policy (for example, Qwerty@123).
  - Passwords must be changed after 35 days.
  - The last 10 passwords cannot be used again.
  - After three incorrect attempts, the account will get locked...
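The password policy listed above, written as checks a system could enforce. This is an added example, not from the original text; the deny-list entries other than Qwerty@123, the use of PBKDF2 to store password history, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, re
from datetime import timedelta

MIN_LENGTH = 9                    # "more than eight characters"
MAX_AGE = timedelta(days=35)      # password must be changed after 35 days
HISTORY_DEPTH = 10                # last 10 passwords cannot be reused
MAX_FAILED_ATTEMPTS = 3           # lock the account after three bad attempts
# Constructed sample deny-list (stored lowercased); real lists are far larger.
BANNED = {"qwerty@123", "password@1", "welcome@123"}

def _hash(password, salt):
    # Assumption: history is kept as salted PBKDF2 digests, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def policy_violations(password, history=()):
    """Return the rules a candidate breaks; history is [(salt, digest), ...]."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if not re.search(r"[A-Z]", password):
        problems.append("uppercase")
    if not re.search(r"[a-z]", password):
        problems.append("lowercase")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("special")
    if password.lower() in BANNED:   # compliant with composition rules, still refused
        problems.append("banned")
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        if hmac.compare_digest(_hash(password, salt), digest):
            problems.append("reused")
            break
    return problems

def remember(password, history):
    """Return history with the new password's digest added, trimmed to 10."""
    salt = os.urandom(16)
    return (list(history) + [(salt, _hash(password, salt))])[-HISTORY_DEPTH:]

def is_expired(last_changed, now):
    # Assumption: a password that has reached 35 days of age counts as expired.
    return now - last_changed >= MAX_AGE

def is_locked(failed_attempts):
    return failed_attempts >= MAX_FAILED_ATTEMPTS
```

Qwerty@123 satisfies every composition rule and is rejected only by the deny-list check, which is why the policy lists that ban as a separate requirement.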