Episode 50 — A.7.7–7.8 — Clear desk/screen; Equipment siting & protection
A.7.7 codifies clear desk and clear screen practices so that sensitive information is not exposed to casual observation or theft. For the exam, remember that this applies to printed materials, removable media, whiteboards, unlocked sessions, and unattended devices. Policies should require locking screens when away, securing documents in drawers or cabinets, and using secure disposal for notes and printouts. Visual privacy controls—screen filters and designated confidential work areas—reduce shoulder surfing risk. Auditors will expect to see communication of rules, periodic checks, and disciplinary follow-through for repeated noncompliance. Candidates should link clear desk/screen to classification and labelling, explaining how markings guide handling and how behaviors support confidentiality in shared or high-traffic zones.
A.7.8 requires careful siting and protection of equipment to reduce environmental and opportunistic risks. Placement must minimize exposure to heat, liquids, vibration, and unauthorized viewing, with secure, ventilated enclosures for servers and networking devices. Cabling should be routed to prevent tampering and accidental disconnection, and power protection should include UPS with tested failover to generators where applicable. In open offices, docking stations and monitors should avoid public sightlines, and lockers should be provided for portable assets. Pitfalls include ad hoc equipment sprawl, unlabeled power circuits, and reliance on user habits instead of engineered safeguards. Strong implementations include site surveys, documented acceptance criteria for new installs, and periodic inspections that verify labeling, grounding, and physical condition. Candidates should be prepared to present evidence like floor plans, equipment checklists, UPS test records, and remediation logs from physical audits, demonstrating that everyday discipline and thoughtful design combine to protect information at the point where people and technology meet.
Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path.