Part of the Cyber Maturity series of articles, this section focuses on Removable Media Controls.
Quoting the 10 Steps to Cyber Security Guidance Sheets:
Failure to control or manage the use of removable media can lead to material financial loss, the theft of information, the introduction of malware and the erosion of business reputation. It is good practice to carry out a risk benefit analysis of the use of removable media and apply appropriate and proportionate security controls, in the context of their business and risk appetite.
The specific recommendations are:
- Produce corporate policies
- Limit the use of removable media
- Scan all media for malware
- Audit media holdings regularly
- Encrypt the information held on the media
- Lock down access to media drives
- Monitor systems
- Actively manage the reuse and disposal of removable media
- Educate users and maintain their awareness
What are your experiences in this area? How are you managing these controls?
Please share with the community in the comments area below.
- Wireless Device Control from SANS.
Where is good practice referenced? Please let the community know in the comments area below.
The pages referenced in this series of blog articles are derived from the 10 Steps to Cyber Security Guidance Sheets published by BIS and GCHQ in this press release.
The documents are Crown Copyright and used here with permission under the government open license.