Password testing seems simple, but many nuances can trip up an auditor. In this session, we discuss how to test passwords based on the standards in FISCAM and NIST. We present real examples from the field for each test.
This course is a part of IT Audit Bytes series. The other Segments of this series are:
- IT Audit Bytes - Access Control
- IT Audit Bytes - Backup and Recovery
- IT Audit Bytes - Change Management
- IT Audit Bytes - Cybersecurity
- IT Audit Bytes - Data Loss Prevention
- IT Audit Bytes - Disaster Recovery and BCP
- IT Audit Bytes - IT Control Frameworks/li>
- IT Audit Bytes - Job Monitoring
- IT Audit Bytes - Logging and SEIM
- IT Audit Bytes - Network Security and Detection
- IT Audit Bytes - Password Management
- IT Audit Bytes - Physical Security
- IT Audit Bytes - Provisioning and Deprovisioning
- IT Audit Bytes - SDLC Controls
- IT Audit Bytes - Security Awareness Training
- IT Audit Bytes - Separation of Duties Controls
- IT Audit Bytes - SOC Reports
- IT Audit Bytes - Strategy and Governance
- IT Audit Bytes - Third-Party IT Risk Management (TPRM)
Prerequisites
No advanced preparation or prerequisites are required for this course.
Learning Objective
- Identify the major elements of password controls.
- Discover and describe how to perform tests for password controls.
- Recognize problems that can trip up an auditor.
Last updated/reviewed: March 15, 2025
(0) Reviews
(0 rating)Lesson Questions and Answers0 Questions
There are no questions.
Answers to Frequently Asked Questions (FAQs)
Toby DeRoche
Owner
INTRODUCTION AND OVERVIEW
- Introduction to Passwords Management 1:02
- Federal Information System Controls Audit Manual 9:08
- Control Testing 16:06
CONTINUOUS PLAY
SUPPORTING MATERIAL
REVIEW & TEST
- REVIEW QUESTIONS quiz
- FINAL EXAM exam
Ask the instructor a question about this lesson