Quote:
Originally Posted by Escapee
Documents Restricted or Secret must not be left out on desks whilst unattended, the reason is that Escorted visitors may not have the required level of clearance to view those documents.
|
Escorted visitors should never be left alone in the first place. I know I never was until my full pass arrived.
Quote:
|
All Restricted and Secret level documents should be locked away, also computers without suitable encryption should not contain any of these documents.
|
Difficult to work on a document if it's locked away
Quote:
The reason why breaches are made are often for very simple reasons. For example, I am not allowed to connect an unauthorised memory stick to a piece of equipment and copy files. The authorised memory sticks with encryption take 3 hours to backup some folders that take about 5 mins on an unencrypted stick.
I understand some people put them on an unencrypted stick, take them home and burn them on a CD. The CD can then be placed in a secure nachine and copied to he required location.
|
We have software at work which prevents unauthorised access to the USB ports.
If people want files transferred they have to submit a request and we do it for them.
Quote:
It's simple, measures are put in place to aid secuity but the impact in practice means people take more risks with data than if there was no security system in place to start with.
It's all about human nature!
|
Exactly, think about how people are going to use the system, and built the security around that to ensure no breaches.
As you've demonstrated, simply telling someone not to do something isn't good enough, you have to prevent them from doing it.