S 2.3 Office / local workplace
Description
A local workplace is the area within the organisation where one or several employees are located in order to perform their tasks. For example, this may be an office, a production environment, or a sales area.
The tasks may consist of a wide variety of activities that may be entirely or partially IT-supported: creating documents, processing card files and lists, conducting meetings, making telephone calls, or reading files and other documents.
Since a local workplace is located within the organisation, basic infrastructural precautions such as access control or fire control can be taken for granted.
This module describes the typical threats and safeguards for a local workplace.
Threat scenario
The following typical threats to the IT-Grundschutz of local workplaces are assumed to exist:
Organisational Shortcomings
| T 2.1 | Lack of, or insufficient, rules |
| T 2.6 | Unauthorised admission to rooms requiring protection |
| T 2.14 | Impairment of IT usage on account of adverse working conditions |
Human Error
| T 3.6 | Hazards posed by cleaning staff or outside staff |
Deliberate Acts
| T 5.1 | Manipulation or destruction of equipment or accessories |
| T 5.2 | Manipulation of information or software |
| T 5.4 | Theft |
| T 5.5 | Vandalism |
Method recommendation
To secure the information system examined, other modules must be implemented in addition to this module, with these modules being selected based on the results of the IT-Grundschutz modelling process.
A host of safeguards need to be implemented for local workplaces, from planning to their actual use. The steps to be followed in this case as well as the safeguards to implement in each phase are listed in the following.
Planning and design
Safeguard S 1.76 Appropriate selection and usage of a local workplace describes the basic design possibilities that should be taken into account when setting up a workplace.
Purchasing
Regarding local workplaces where the users are not able to control the access themselves, i.e. areas including public business or open-space offices, for example, anti-theft devices should be designed for protecting notebooks, because otherwise there is a relatively high risk of such devices "disappearing" when unattended. A particularly brazen thief does not need much time to grab a notebook or an organizer and then walk out of the room.
Implementation
It is also necessary to specify who will be granted access to local workplaces and under what conditions. In particular, it is necessary to decide which areas will be open to the general public and which will only be open to the employees of the company or government agency.
Operation
The processed information must be handled carefully at the local workplace. This includes following the regulations specified by the employer regarding the working environment and the secure storage of working materials.
It must also be specified whether offices should be locked in general when no employees are present, taking into consideration the site and building access rules in so doing. Depending on the construction of the building, it must also be ensured that no one can access the building over a balcony and/or through an unsecured window.
The bundle of security safeguards for local workplaces is presented in the following.
Planning and design
| S 1.76 | (A) | Appropriate selection and usage of a local workplace |
| S 3.9 | (Z) | Ergonomic workplace |
Implementation
| S 2.17 | (A) | Entry regulations and controls |
Operation
| S 1.15 | (A) | Closed windows and doors |
| S 1.23 | (A) | Locked doors |
| S 1.45 | (A) | Suitable storage of official documents and data media |
| S 1.46 | (Z) | Use of anti-theft devices |
| S 2.37 | (C) | Clean desk policy |