The ISO Show: Episode 21 – Clear Desk Clear Screen
There are many misconceptions around the well know ‘Clear Screen Clear Desk’ Policy used in IT Security. Join Mel and Steve Mason on this week’s episode as they discuss some top tips and share some of their own stories.
When Looking at Clear desk in an assessment it is important not to focus purely on individual desks but on the broader work areas to which employees have access.
Clearing all white boards of information if it
is no longer require (take a photograph to prevent loss)
Checking all flip charts and removed sheets that
have already been used
Checking all photocopiers and printers (and the surrounding
areas) for any forgotten or discarded documents
Checking all confidential waste bins for any
that are overflowing; if items can be removed put them in a new bin
Checking for any confidential documents left on
desks or in trays on desks
Checking empty and unoccupied rooms for
Checking all cabinets to see that they are
locked; if they are unlocked check to see that there is no confidential
documentation in the cabinets
Checking to see that keys are securely locked
away; if they are in pedestal drawers ensure that there is no confidential
information stored in the drawers.
Checking Riser doors which are labelled ‘Keep
Locked’ to ensure that they are locked
Checking that all ‘mail’ pigeon holes have been
cleared from previous ‘out of hours’ work
Clear Screen is much more than just locking your screen when you walk away from your desk, it is about making sure that you do not store information on your laptop and PC desktop screen. Whilst it is there it is at risk of being lost if hard drive fail as it is not backed-up; also, there is the inconvenience that others who need access to the information cannot get to it, impacting Integrity and Availability of security.