There are many misconceptions around the well know ‘Clear Screen Clear Desk’ Policy used in IT Security. Join Mel and Steve Mason on this week’s episode as they discuss some top tips and share some of their own stories.
When Looking at Clear desk in an assessment it is important not to focus purely on individual desks but on the broader work areas to which employees have access.
- Clearing all white boards of information if it is no longer require (take a photograph to prevent loss)
- Checking all flip charts and removed sheets that have already been used
- Checking all photocopiers and printers (and the surrounding areas) for any forgotten or discarded documents
- Checking all confidential waste bins for any that are overflowing; if items can be removed put them in a new bin
- Checking for any confidential documents left on desks or in trays on desks
- Checking empty and unoccupied rooms for confidential waste
- Checking all cabinets to see that they are locked; if they are unlocked check to see that there is no confidential documentation in the cabinets
- Checking to see that keys are securely locked away; if they are in pedestal drawers ensure that there is no confidential information stored in the drawers.
- Checking Riser doors which are labelled ‘Keep Locked’ to ensure that they are locked
- Checking that all ‘mail’ pigeon holes have been cleared from previous ‘out of hours’ work
Clear Screen is much more than just locking your screen when you walk away from your desk, it is about making sure that you do not store information on your laptop and PC desktop screen. Whilst it is there it is at risk of being lost if hard drive fail as it is not backed-up; also, there is the inconvenience that others who need access to the information cannot get to it, impacting Integrity and Availability of security.
To help out the ISO Show: