In September, 2014, TSC projects lost five laptops and a BGAN in [REDACTED]. It is not always possible to anticipate high-risk projects during the design phase because of changing security circumstances over the life of a project. It is crucial that Field Coordinators and Consultants inform Field Solutions immediately when a laptop or BGAN is lost.
Field Solutions held a formal information Risk Assessment with selected field-engaged Field Coordinators on 24 September, 2014. Only two risks were rated Extreme: having a laptop seized, and (because of its ubiquity) computer illiteracy. High risks were having a laptop stolen; malware; physical laptop failure due to power, drive failure, or travel damage; bad technical support; other (non-project) uses of the computer; and lack of 3G Internet voucher credit.
The Laptop Loss Mitigation Strategy is built around confidentiality, integrity, and availability. It is designed to protect the confidentiality of information contained on the laptop, to preserve the integrity of the information on the laptop, and to quickly replace a laptop following loss. The primary threat is a casual examination by a user of average skill. Forensic examination is out of scope.
Many components of the Laptop Loss Mitigation Strategy are already in place. One important element, ATA Security, requires additional implementation.
Separate discussions were held with several partner-engaged Field Coordinators. Their risks were significantly different and will require a separate risk assessment and mitigation strategy, outside the scope of this document.
[This document is available by request.]