~/Cedric

Premises are not secure or could be compromised by external elements Vulnerabilities

Are environmental incidents possible (water, flooding, fire, dust, pipes, excessive heat, etc.)? Have fire doors been put in? Are there smoke detectors and fire extinguishers?

The supplier does not manage remote maintenance properly Vulnerabilities

Link permanently maintained Unencrypted exchanges No record

Problems in change management or software maintenance Vulnerabilities

Is change management for software or the IT system correct? Is there planning for changes? Cost estimates? Tests before production begins?

User rights allow information to be exported Vulnerabilities

Can data be exported? Also in a structured format (XLS, CSV, XML, etc.)?

Insufficient competency Vulnerabilities

Flaws in the management or use of accounts with privileges Vulnerabilities

Are the accounts with privileges listed? Are passwords stored? Are they regularly reviewed? Are rights managed by user profile/role?

Equipment or software maintained remotely via telecommunication equipment Vulnerabilities

No contractual clauses covering the security measures to be observed by subcontractors and suppliers Vulnerabilities

Are there subcontractors? Are there special clauses added to contracts? Is there an NDA? Is there an SLA? What is the usage rate of subcontracting?

Possibility of the operating system being subjected to badly formed requests and data (e.g. buffer overflow) Vulnerabilities

The passwords entered for access to the operating system are decipherable Vulnerabilities