When looking at physical and environmental security issues, this quote from Laurence J. Peter, a US educator, serves as a useful reminder about the importance of a clear desk policy. When leaving for the day, it’s quite easy to quickly glance at the paperwork on your desk and bundle it all into one pile and leave it to one side of the desk so the cleaners can do their job. But, what if in that pile of papers was a contract or other document containing sensitive information on it, that you’d forgotten about because it was covered by other documents?
In BCS book Information Security Management Principles, the authors use a fictitious scenario called GANT, the Group for the Appreciation of the Natterjack Toad, to provide examples and form the basis of questions to help understand some of the theory from the book. GANT is a registered UK charity that promotes and preserves the wellbeing of the Natterjack toad. They have many members around the world and all the Group’s information is either on a web-based form, available to members on the internet, or held in paper form by the group secretary/treasurer.
In this activity, the study in which the secretary works is as cluttered as anyone might have seen. There are piles of paper and books everywhere with filing cabinets left open and windows unlocked. She argues that no one would be interested in her study, and, anyway, if she can’t find anything, how would anyone else?
What are the main reasons why the secretary should consider the implications of a clear desk policy?