~/Cedric

No personal commitment to protect confidentiality Vulnerabilities

No rules for protecting the exchange of confidential information Vulnerabilities

No monitoring of application of the security policy Vulnerabilities

No emergency service close to the organisation Vulnerabilities

No installation standard for sites belonging to the organisation Vulnerabilities

No means of encryption Vulnerabilities

Additional hardware items can be fitted for storing, transmitting or corrupting information (e.g. physical keylogger). Vulnerabilities

Equipment used on self-service basis by a number of persons Vulnerabilities

No tracking and auditing system Vulnerabilities

Are there logs? Are they sufficient in terms of the checks to be carried out?

Access to back-up equipment not protected Vulnerabilities