ตัวอย่างความเสี่ยงเกี่ยวกับรหัสผ่าน และมาตรการควบคุม

Risk	Control
Weak Passwords	1.     Password Strength Meter 2.     Password minimum length = 12 3.     Password complexity = 4 (Uppercase (A-Z), Lowercase (a-z), Numbers (0-9), Special characters (#, %, etc.)
Password Reuse	1.     Minimum password duration = 0 2.     Maximum password duration = 0 3.     Password history = 4
Brute Force Attacks	1.     Captcha Implementation 2.     Logon attempt before lockout = 6 3.     Lockout duration = 30 min 4.     Reset logon attempts = 30 min 5.     Account Login/out or Lockout Notification
Credential theft	1.     Least Privilege Principle/Just-In-Time       Privileges 2.     Multi-Factor Authentication (MFA) 3.     Regular Password Changes 4.     Database Activity Monitoring 5.     Encrypted Storage 6.     Behavioral Analytics 7.     Security Awareness Training
Keylogging	1.     Only business devices are allowed to access the internal network. 2.     Anti-Virus/Malware 3.     Patch Management 4.     Endpoint Detection and Response (EDR) 5.     Secure Input Methods 6.     VA/Pentest 7.     Do not allow user to install program/application on device 8.     Device Hardening
Insider Threat	1.     Segregation of duty/Role-Based Access Control (RBAC) 2.     User review 3.     Change Management 4.     Log review 5.     User Behavior Analytics (UBA) 6.     Whistleblower Policy
Data breach	1.     Data Encryption 2.     On-premises 3.     Data Loss Prevention (DLP) 4.     Role-Based Access Control (RBAC) 5.     User review 6.     Monitoring/ Regular Audits
Unplan downtime	1.     Implement High Availability (HA) solutions 2.     Redundancy 3.     Incident response (SLA = ?h) 4.     Backup/Restore 5.     Regular Testing