Monday, February 04, 2013

Security

I've just been working through my annual security assessment. An online series of case studies and questions to help me be more secure at work. I enjoyed it so much I thought I'd write some questions of my own.

You print out a database of people's names, DOB, their mothers maidenames, their home address, bank details and name of first childhood pets. You leave it on a bus by mistake. What action should you take?

Cover it up, don't tell anyone. If it gets out blame the trauma from loosing your first childhood pet. Tell them god told you to do it. Tell them you can see dead people and rats crawling over your body. What ever you do don't admit you're *That* stupid.

Ask yourself if you're happy in a job where they pay so little you have to take public-transport every day and yet forced to work from home.

Report it to HR so the people can be contacted and advised to have their mothers maiden names changed by depol, in fact their first pets names should also be changed and perhaps they should move.

You are leaving the office and someone is entering the building without a pass. What should you
do?

Let them into the building politely. No body likes to be rude right?

Get all up in their face and challenge them. If they can't produce a pass or explain exactly why they are here then mace them in the face with pepper spray.

Get the hell out. They are clearly a terrorrist.

You are in your office working on sensitive information. You need to go to the loo. What precautions should you take?

None. You work with trustworthy people because your company isn't run by dicks.

Password protect your screen, bolt your laptop to the desk. Ensure all your stuff, including pens (they cost money you know!) are locked away in a secure vault which only you know the twenty didgit combination.

Tell a colleague where you are going and give them a time you'll be expected back in case they need to inform security of your kidnapping.

You are on the train and take a work-related call. Which of the following are true?

You could divulge sensitive information. Everyone around you are potential spies. The government is watching you. They are tapped into your phone. That van outside really has been out there a long time.

There are no risks, as long as you use a pre-agreed coded language that only you and your colleague use. Some people think they can get away with speaking Klingon or Welsh but unfortunately a few thousand people in the world can speak this and they are probably all sat next to you on the train right now taking notes of what you are saying. They are basically employed to spy on you. You are not alone. Big brother is watching!

Go into the loo to take your call is more secure. The over-whelming stench of piss and that used confom and/or needle are a small price to pay when you're telling your colleague you'll be ten minutes late for the meeting. Remember, you ARE being followed and the information you are discussing could affect you and your organisation.

Which of the following statements are true?

All documents must be shred and properly recycled by professionals. You cannot take shredded paper home to use as hamster bedding as your hamster may be exposed to sensitive information.

Your bin, at home or work, is not secure. That feeling you are being followed when walking home at night is not in your head. It is someone waiting for you to throw sensitive information into your bin.

Documents are more secure if they have the word PRIVATE or CONFIDENTIAL stamped across them. If you see these words you will imediately stop reading because you know you would never read things you weren't meant to read.