Re: Layers...like an onion
Best practice??? By whose definition?
Pretty much every infosec pro I've spoken to or worked with. On top of that we also consider passworded screen savers a best practice.
New regulatory issues also drive the adoption of these policies, the newest being GDPR. Of course GDPR does not stipulate clear desk policies but as a security manager one would consider a clear desk policy as a mechanism to reduce the risk of data breaches.
https://www.sans.org/security-resources/policies/general/pdf/clean-desk-policy
Biting the hand that feeds IT
