The thrust of the Computer Security Plan

Users should be advised to terminate active sessions when finished, unless they can be secured by an appropriate locking mechanism, e.g. a password protected screen saver; log-off mainframe computers, servers, and office PCs when the session is finished; secure PCs or terminals from unauthorized use by a key lock or an equivalent control. A clear desk policy for papers and removable storage media and a clear screen policy for information processing facilities should be adopted."

             3. Remote user authentication methods and policies - This will be based on Section 11.4.2, User authentication for external users, of ISO 17799, which states: "Appropriate authentication methods should be used to control access by remote users. Authentication of remote users can be achieved using, for example, a cryptographic based technique, hardware tokens, or a challenge/response protocol. Possible implementations of such techniques can be found in various virtual private network (VPN) solutions. Dedicated private lines can also be used to provide assurance of the source of connections. Dial-back procedures and controls, e.g. using dial-back modems, can provide protection against unauthorized and unwanted connections to an organization's information processing facilities. This type of control authenticates users trying to establish a connection to an organization's network from remote locations."

             4. Password policy - This will be based on Section 11.3.1, Password use, of ISO 17799, which states: "Users should be required to follow good security practices in the selection and use of passwords.
