Scenario:
Your company recently experienced a spate of incidents where thumb drives containing potentially sensitive company documents were lost. In one instance a 32GB USB drive was turned in to the reception desk and when the security team reviewed the contents it was discovered to have contained several documents with sensitive financial information on a contract the company was negotiating with a major client.
In another reported incident a traveling marketing representative reported losing a 64GB thumb drive at some point during a domestic business trip. While the marketing officer knew for sure some of the recently added documents to the USB drive he was not sure about all the files on the drive since he had been using the same drive for the past two years and rarely deleted content from the drive.
Potentially Useful Resources:
https://social.technet.microsoft.com/wiki/contents/articles/16845.locking-down-removable-storage-access-using-group-policy-and-security-groups.aspx (Links to an external site.)
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-detyperdd (Links to an external site.)
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices (Links to an external site.)
Assignment:
Write a new company policy for removable media. You have the choice to handle the situation as you see fit for your organization and your risk management assessment. Options include accepting the risk and requiring employees to take additional care in how they handle removable media, emphasizing to the workforce the risks in lost data. Logging all files copied to and from removable media so the organization can assess what may be on any given USB drive. Encrypting all removable media with a tool such as BitLocker. A combination of any or all of these options and/or some other ideas you have on how to handle this risk for the organization.
Your policy should be well formatted, with no spelling or grammar errors, clear, concise, and understandable by the workforce. The policy should briefly explain the problem, challenge, or risk it is designed to solve or mitigate, state the new requirements or rules, and briefly describe how you will perform the technical implementation. Length of submission should be in the 2-3 page range.
Use the order calculator below and get started! Contact our live support team for any assistance or inquiry.
[order_calculator]