~/Cedric

No training to explain the conditions controlling the lawful use of information Vulnerabilities

Low awareness of the need to protect information Vulnerabilities

No IT charter specifying the rules of use Vulnerabilities

IT charter Conditions of use General terms and conditions

Inadequate awareness of the need to protect sensitive information Vulnerabilities

Obtaining an advantage through picking up information Vulnerabilities

No implementation of incident monitoring to foresee failures or saturation (trend charts) Vulnerabilities

Personnel not aware of the risk of sanction Vulnerabilities

No policy for partitioning user environments to avoid unintentional assignment of rights to modify the system and application Vulnerabilities

No awareness programme concerning the risks of usurping of identity (misuse of means of authentication such as passwords) Vulnerabilities

No code of conduct Vulnerabilities