S 2.8 Home workplace
Description
Telecommuters, freelance employees, and the self-employed typically work from home. In contrast to a workplace in an office environment, the home workplace of an employee is located in the employee's living environment. In this case, it must be possible to adequately separate the employee's private environment from the work environment. Workplaces in employees' homes that are used full time also need to fulfil various legal requirements such as occupational health and ergonomic regulations, for example.
Since it cannot be assumed that a home workplace offers the same level of infrastructural security as would be found in the office environment on the premises of an organisation and visitors or family members have access to this workplace, it is necessary to take security safeguards that are able to reach a level of security similar to that of an office. This module describes the typical threats and safeguards for a home workplace.
Threat scenario
The following typical threats to the IT-Grundschutz of home workplaces are assumed to exist:
Force Majeure
| T 1.5 | Water |
Organisational Shortcomings
| T 2.1 | Lack of, or insufficient, rules |
| T 2.6 | Unauthorised admission to rooms requiring protection |
| T 2.14 | Impairment of IT usage on account of adverse working conditions |
| T 2.47 | Insecure transport of files and data media |
| T 2.48 | Inadequate disposal of data media and documents at the home workplace |
Human Error
| T 3.6 | Hazards posed by cleaning staff or outside staff |
Deliberate Acts
| T 5.1 | Manipulation or destruction of equipment or accessories |
| T 5.2 | Manipulation of information or software |
| T 5.3 | Unauthorised entry into a building |
| T 5.69 | Higher risk of theft from a working place at home |
| T 5.70 | Manipulation by family members or visitors |
| T 5.71 | Loss of confidentiality of classified information |
Method recommendation
To secure the information system examined, other modules must be implemented in addition to this module, with these modules being selected based on the results of the IT-Grundschutz modelling process.
A series of safeguards must be implemented for home workplaces, from the planning phase for its use to the disposal of sensitive data media and printouts. The steps to be followed in this case as well as the safeguards to implement in each phase are listed in the following.
Planning and design
Safeguard S 1.44 Suitable configuration of a home workplace specifies the basic design possibilities that should be taken into account when setting up a workplace in a residential environment.
Implementation
To ensure controlled use of a home workplace, rules must be established regulating which information is allowed to be processed at the home workplace, which information may be transported back and forth between the company and/or government agency and the home workplace, and which precautions must be taken in this case.
Operation
The usual level of working discipline must be maintained, even when working at home. This includes keeping an orderly workplace and following the regulations specified by the employer regarding the working environment and the secure storage of working materials. The home workplace should also be locked so that it is not subject to an unacceptable burglary risk.
Disposal
It is important, especially at the home workplace, to dispose of data media and printouts properly and not just throw them in the waste bin.
The bundle of security safeguards for home workplaces is presented in the following.
Planning and design
| S 1.19 | (Z) | Protection against entering and breaking |
| S 1.44 | (A) | Suitable configuration of a home workplace |
| S 3.9 | (Z) | Ergonomic workplace |
Implementation
| S 2.112 | (A) | Regulation of the transport of files and data media between home workstation and institutions |
Operation
| S 1.15 | (A) | Closed windows and doors |
| S 1.23 | (A) | Locked doors |
| S 2.37 | (C) | Clean desk policy |
Disposal
| S 2.13 | (A) | Correct disposal of resources requiring protection |