iStorage diskAshur PRO2 Benutzerhandbuch Seite 30

Mitigation NCSC (CESG) CPA
2 DEP.M1
DEP.M701
Confidentiality
Integrity
Availability
3 DEP.M703
Confidentiality
Accountability
#30
Risk Best Practice
Unauthorised To mitigate and minimize the threat of compromise to data
assets stored on an iStorage secure drive:
Access
Never leave the iStorage secure drive unattended in an
authenticated open session;
To avoid the potential of unauthorised access, place the drive
in locked mode when not in operational use;
Configure the iStorage Unattended Auto-Lock Clock to secure
the drive after a prescribed time (Refer to the iStorage User
Manual);
When the iStorage secure drive is not required, ensure it is
removed, and secured under appropriate physical security
controls.
Always ensure that the stored data assets on the iStorage
drive have been backed up, and are available should a loss of
the iStorage secure drive occur.
Loss, Theft, Ensure that a process exists to support notification to man-
Compromise agement of theft, loss, or compromise of the iStorage secure
drive – for example:
i. Report the loss or theft to the Police – and obtain a
Crime Reference Number
ii. If a Corporate owned device, take steps to notify the
Security Department as soon as possible
iii. In cases where UK Government (or other
Government) assets are stored, report the incident to
the appropriate Departmental IAO (Information Asset
Owner) without delay
iv. In the case of Government Classified materials,
consider the Privacy, Protective Marking, or any
associated Caveats and their associated implications
to National Security
www.istorage-uk.com