Passwords are everywhere these days. Personal identification numbers (PINs) are necessary to identify a person as the authorized cardholder and gain access to the financial data. The combination of digits and letters allow us to log into numerous websites where our personal or corporate emails, messages, and other communication is stored. In other words, everything valuable in the world is protected with passwords that can have very different forms and shapes.
Further development and sophistication of technologies in different areas provoked substantial sophistication of security systems. Multilevel electronic protection, fingerprints and retina scanners, voice authorization, and password encryption improved security systems. However, it did not change people. Therefore, the weakest link in any security chain remained the same. Human error is the most frequent reason of security breaches. We forget passwords all the time, write them down on the back of keyboards or on stickers around monitor and then wonder how someone else has visited a super secured and protected computer.
The Internet became an integral part of our life. Many people store information, exchange emails, perform financial operations, and do many other things over the Internet. The global network became a global storage of personal information. Access to this information is protected by passwords. However, most of people do not even remember numerous passwords they create to protect their privacy (Schneier, 2005a). Therefore, there are special secret questions that users should answer during the registration process so they could restore the password. Here is the problem. When a user creates sophisticated passwords, the level of data protection is rather high. At the same time, the user compromises his/her efforts by giving the way to find out the password by answering this secret question (Schneier, 2005b).
However, internet security has problems, not connected with technical solutions. Sometimes, the inadequate IT management could create more problems with security that a group of well-trained hackers. Poor password management solutions could provide access to the highly secured system without even breaking into it. As it was stated before, users are the weakest spot in the security system (Arief & Besnard, 2005; McNulty et al., 2007). They forget passwords, tell them to the third parties, write them down in order to remember, create too simple passwords, and make many other mistakes that an IT manager could miss. Therefore, password management that is not user friendly, complicated, and unsecure can be a substantial threat to the security system as well.
Patch management can be a threat too. Updates of the software solutions are aimed to fix the existing bugs, problems, as well as improve/extend functionality and add new useful features. However, each change in the software code is the possibility to add new bugs and flaws into a system. Some IT managers might think that patch management is nothing more than running automatic updates of the software and that is it. Software will do the rest. It is not true. Patch management is about appropriate maintenance of all software solutions that are present in the IT infrastructure of an …