My employer is pursuing BS 7799. We went through training on security awareness and the environment began to change. Network security was tightened (my blog got categorized as porn) We were required to maintain a clean desk (Every time I need to check the requirements document I have to get the locker key from my pocket open the locker, get the document, read it, put it back in the locker, lock the locker… all because it has “confidential” printed in the footer), asked to remove the class diagrams and ER diagrams which were on display, remove all file shares and lock the machines when we leave the desk… few good practices and some nonsense. For instance this is the first time I saw a software development company which doesn’t have class diagrams pasted on cubicle walls…
Every now and then BS 7799 auditors roam around, we should be prepared to answer them at all times… and before we talk to them we should lock our machines first, put all the documents in the locker… and so on.
Its strange.. at least u guys cant keep the class digrams infornt of u?? so no white boards with digrams... they should tighen security in the prmises.. but its all about clients ;) we have to give what they want...
ReplyDelete