Welcome to the fourth edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to ISO 17799 and information security.
The information contained in this newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.
Guidance and information included in this issue:
As you read this article, look around at your working environment. The items/information you have to hand may not seem very sensitive because you deal with them every day... but now look again.
If you were alone and not a member of staff, how would you view them? What would you find if you looked around? Picture yourself as a visitor passing through. What can you hear in terms of conversation? What can you see?
The chances are that you can hear and see quite a lot that you would not want openly disclosed to the outside world. If this is the case, the security of your information is potentially at risk from every visitor, stranger, sub-contractor, etc.
This article is not written with the intention of discrediting visitors, but nonetheless, it is important to be fully AWARE of what CAN happen if due caution is not exercised.
The following guidelines may help in ensuring that the risks are minimized:
- Your reception/visitor area should issue distinctive badges and ensure that visitors wear them
- Do not be lazy... escort visitors from reception (if applicable)... don't let them make their way to you
- Do not hold doors open for people not displaying their ID
- Consider using different colored badges for each day of the week
- Challenge those who are not displaying any identity badges
- If your location issues identity badges - make sure YOU wear yours
- Do not be afraid to ask someone who they are visiting and what they are doing
- Do not leave visitors alone