If you were to find that your organization has not done their homework and is open to password cracking attacks, how would you go about expressing your concern to your boss and getting the message to upper management for buy in to change the culture (note: not everyone likes long, complex passwords, multi-factor authentication, and other security tools that may impede their ability to work efficiently, especially if their production equates to their profits)…you may need to scare them a little to get their attention with some real-world scenarios vs. what if type theory.
What tools would you select in the marketplace to implement if given the chance? Of the countermeasures that you’ve learned about, which would you implement for the biggest bang for the buck ($$$)?- remember these don’t have to cost lots of money, but if creating organizational change and impacting the end users’ workday, think about the cost, effort, and impact to implement such measures in your discussion.