Your organization has a policy which prohibits USB storage devices from entering or leaving the building. However, they are authorized for use within the internal environment. Everyone entering the building is subject to package inspection, container x‐ray and metal detectors. USB storage devices are checked out to users in library fashion when needed and are returned at the end of each day. The librarian properly keeps strict records for each device and verifies that every device is returned before the end of each day. After a long weekend, the librarian discovers that most of the storage devices are now missing.
What could have prevented this?
A. End user training
B. A storage safe
C. Using biometric or pin‐code security based USB devices
D. Classification labels
The correct answer is B.
This situation reveals that while this organization has implemented many excellent security procedures related to the use of removable media, the one they have overlooked is the use of a storage safe.
End-user training would not have prevented the theft or missing devices. Having biometrics or PINs on the USB devices would not have prevented the theft or loss. And labels of classification on the USB devices would not have prevented the theft or loss.