~/Cedric

Persons without a service reason can gain access Vulnerabilities

Can unauthorised persons access information without physical barriers? Is it easy to access? Are the premises public? Is there a passage or corridor nearby?

Possibility of installing correction programmes, updates, patches, hotfixes, etc. Vulnerabilities

The principle of least privilege is not applied Vulnerabilities

Who has access rights? Do rights correspond to users' roles?

No screen locker/locking functionality is active Vulnerabilities

The interfaces can be accessed by everyone Vulnerabilities

No service level management Vulnerabilities

SLA? How often is hardware replaced? How resilient is the system in place?

Tempting equipment (trading value, technology, strategic) Vulnerabilities

Equipment requiring air-conditioning in order to operate Vulnerabilities

The equipment can be booted from any peripheral (e.g. floppy disc, CD-ROM) Vulnerabilities

Logical access to equipment allowing eavesdropping software to be installed Vulnerabilities