
    SANS Policy Templates: Clean Desk Policy

    The SANS Institute has published several information security policy templates describing best data security practices in template format. This largely means that you can ‘fill in the blanks’ when developing a security policy (although some modification will be in order for your specific circumstances). In this post we’ll look at the SANS template for developing a clean desk policy as a part of overall network security.

    A clean desk policy largely revolves around keeping company information confidential. This may include, but is not limited to, customer information. Certainly there are examples of both customer and non-customer information becoming public which would, in the best circumstances, remain confidential to the company. In May 2015, information security experts and computer consultants were sharing a screen capture of a BBC documentary which showed a login and password for a control system terminal for London’s rail system. While your company might or might not permit a camera to record operations for publicity, printing out passwords, whether on a desk blotter or taped to the monitor, is a clear example of a clean desk policy failure.

    If a clean desk policy means securing company information wherever it should be secured, that also includes laptop computers, which will probably leave the company premises at some point. Several times a year various American and European governments report laptops which have gone missing with sensitive information like social security numbers. Invariably a reporter asks if the laptop was encrypted, and all too often the answer is that it was not. Therefore your clean desk policy may include laptop cable locks, encrypting hard drives and phasing out equipment which does not support what you consider necessary encryption standards.

    Your clean desk policy may also include walk-throughs by management to spot USB flash drives, tablets or phones plugged into company machines. In 2014 several security researchers suggested that electronic cigarette USB chargers appeared to be contacting Chinese servers. Enforcing your policy means that managers will need to be trained, and regularly refreshed, on threats as they emerge as well as on best practices.

    For more information on determining a clean desk policy, please contact us.
