In Depth
The Clean Desk Test: What's Wrong with This Picture?
A messy desk is a vulnerable desk. We've created one with 20 egregious violations of a good clean desk policy. See if you can find them.
By Scott Berinato
Page 2
It's not just untidy, it's unsafe.
Proprietary Data
| VIOLATIONS | RISK | SUGGESTED POLICY |
|---|---|---|
| Day planner (1) and Rolodex (2) left on desk. | Personal and professional information—including phone numbers, passwords, or notes on meeting times, places and subjects—is vulnerable. | Store day planners and notebooks in a locked drawer or take them when away from desk for extended periods of time, including overnight. |
Personal Data
| VIOLATIONS | RISK | SUGGESTED POLICIES |
|---|---|---|
| Personal effects including a bank statement (3), checkbook (4) and mail (5) left on desk. Briefcase (6) left open near desk. | Bank statements include account numbers and other personal identifiers; mail carries home addresses and could reveal private information; checkbook contains a history of financial transactions. Unlocked briefcases can have items stolen from them if employee leaves the area. |
|
Access Tools
| VIOLATIONS | RISKS | SUGGESTED POLICIES |
|---|---|---|
| Keys (7), cell phone (8), PDA (9) and building access card (10) left on desk. | Cell phones can be stolen or have their call histories compromised. Stolen keys give intruders access to restricted areas of the office. PDAs contain sensitive personal and professional data. Stolen access cards can be used for continued access to the building. |
|
IT Tools
| VIOLATIONS | RISKS | SUGGESTED POLICIES |
|---|---|---|
| Applications left open on computer (11), CD left in computer (12), passwords on sticky note displayed on monitor stand (13), printouts left in printer (14). | Access to personal or sensitive corporate e-mail or passwords can allow ongoing access and intrusion. CD left in drive and data on printouts can be stolen. Cache files for applications and printer can yield sensitive data one might have thought wasn't preserved. |
|
Spatial Misconfigurations
| VIOLATIONS | RISK | SUGGESTED POLICIES |
|---|---|---|
| Desk positioned so it's partially exposed to window and view from the hallway (15). Whiteboard with sensitive data on it viewable from hallway and window (16). | Window exposure could enable spying from other buildings. Hallway exposure could allow unauthorized access if data, such as a password, is written on a whiteboard. |
|
Beyond Desk
| VIOLATIONS | RISK | SUGGESTED POLICIES |
|---|---|---|
| File cabinet drawer open (17) and keys left in lock (18). Trash bin contains loose-leaf paper (19). Bookshelf contains binders with sensitive information (20). | Folders in cabinet are eminently stealable. Keys allow for ongoing access and the ability to return files, so it's hard to detect theft. E-mails, other sensitive paper in trash bin can be stolen after-hours or found in the Dumpster outside. Binders on shelf, clearly marked as sensitive, are also available for "borrowing," making the theft of the information hard to detect. |
|
Back to the Desk
RESOURCE CENTER
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
WEBCAST
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.
ESSENTIAL READING
CENTER OF EXCELLENCE
Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on Symantec.Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is?Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say.7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions.Ponemon Study: How Much Does a Data Breach "Cost"?
35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals are studied in this report.Center sponsored by
Webcasts
White Papers
- End-Users - Your Weakest Security Link
- Certificate and Smart Card Management with ILM 2007
- How Are Open Source Development Communities Embracing Security Best Practices?
- Using Likewise to Comply with PCI Data Security Standard
- Ponemon Study: How Much Does a Data Breach "Cost"?
- Managing SSL Security in Multi-Server Environments
Resource Alerts
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
Latest Posts
Event
Data Loss Prevention
-
November 13, 2008The Roosevelt HotelRegister now »
New York, NY 10017
(ISC)2 members can earn up to 6 CPE Credits
Reference priority code ONLINE and attend this program as our guest — that's a $295 savings!
White Papers
Featured Sponsors
Sponsored Links
