~/Cedric

Ancillary equipment making it easier to pick up compromising stray signals (electrical cables, pipes, etc.) Vulnerabilities

Use of a standard operating system on which logical attacks have already been carried out Vulnerabilities

Use of a standard operating system on which logical attacks have already been carried out

Update management (patches) is flawed Vulnerabilities

Is there a procedure? Is it formal? How frequently is it implemented? Who is in charge? Are tests performed? Before? After?

No procedures for system install and configuration Vulnerabilities

Installation from standardised images? Default programmes? Administrator rights Hardening (USB/BIOS block, etc.)

User authentication is not ensured Vulnerabilities

Is there a password policy? Are there good practices (length, complexity, change, etc.)? Is there one account per person? Are there shared accounts?

Authorisation management is flawed Vulnerabilities

Is there a formal procedure? Who authorises access? Is the four-eyes principle followed?

No revision of air-conditioning needs when premises are modified or equipment is added. Vulnerabilities

Is there air conditioning? Should there be? Is it correctly maintained? Is it the right size?

No supervision of third-party access (supplier, cleaner, etc.) Vulnerabilities

Are normally unauthorised persons (internal or external) monitored when given special access?

No organisation for management of security incidents Vulnerabilities

Is there an incident report procedure? Is it formal? Who processes incidents? Is there an escalation procedure?

No definition of responsibilities Vulnerabilities

Are security responsibilities defined? Are they formal? Are there double responsibilities? Is the four-eyes principle applied?