~/Cedric

7f9fc3d7-4f02-11e9-b3ea-0800277f0571 Risks

Asset: IT Room or Datacenter. Threat: Failure of air-conditioning. Vulnerability: No revision of air-conditioning needs when premises are modified or equipment is added.

7f9fc464-4f02-11e9-b3ea-0800277f0571 Risks

Asset: Software development. Threat: Malware infection. Vulnerability: No code review or intrusion tests

7f9fc4d8-4f02-11e9-b3ea-0800277f0571 Risks

Asset: Multifuntion Printer. Threat: Abuse of rights. Vulnerability: The supplier does not manage remote maintenance properly

Medium and supports whose characteristics allow eavesdropping (e.g. Ethernet, wireless communication systems) Vulnerabilities

What type of medium? Encrypted format? Encrypted content?

7f9fc565-4f02-11e9-b3ea-0800277f0571 Risks

Asset: Desktop computer. Threat: Malware infection. Vulnerability: Update management (patches) is flawed

No contractual clauses guaranteeing cover of the activities if a crisis is declared at the supplier's site Vulnerabilities

No contractual clause covering the quality of service of systems placed under limit conditions (intense demand on the system, input of non-compliant data, input of data corresponding to operating limits) Vulnerabilities

OpenPGP key server - WIP GDPR records of processing activities

OpenPGP key server (Work In Progress)

No maintenance procedure Vulnerabilities

Is there a maintenance procedure? Are the staff members internal or external? Are they supervised while working? Are there contracts? Is there an NDA?

Configuration of software components not managed or prone to management errors (e.g. application of a UK patch not adapted to a FR version) Vulnerabilities