~/Cedric

No structure allowing identification of a person to be guaranteed within the organisation or a project Vulnerabilities

No instructions (warning, prevention, reaction, etc.) Vulnerabilities

No policy for protecting the workstations Vulnerabilities

No global policy for managing and archiving tracks and other elements of proof Vulnerabilities

No double checking of critical processes Vulnerabilities

Accesses to the IS are not secured (gateways, intrusion detection, supervision of security events, etc.) Vulnerabilities

No monitoring of maintenance contracts Vulnerabilities

No fire-fighting organisation (description of roles and responsibilities) Vulnerabilities

No clause or procedures for transfer of knowledge Vulnerabilities

No guarantee of the organisation's durability Vulnerabilities