Planet Of The Grapes Case Study Summary
1. The back-office duties are only undertaken by full time staff, but the staff common areas and offices are not locked or physically separated. Front counter/cashier duties are sometimes taken on by full timers but also by casual staff. Physical item such as the RSA token, confidential doc all not locked. cleaners, or other people just tailgate in the office and steal the doc, no one knows.
2. Turnover of casual staff is quite large. No proper documentation of keeping track of part time stuff.
3. Remote access services are enabled on some but not all of the machines. SSH port open, attacker might try to access the SSH by bruteforcing. once the attacker cracked the SSH, they can conduct MITM for the remote access.
4. There is no centralized …show more content…
Examples like clearances, accounting and confidential document handling are back-office duties that full-time staff must undertake as casual staff may mishandle these duties such as leaking of confidential information like projects of the company, allowing competitors still steal opportunities or leaking intangible accounting data such as profit and loss of the company’s that affects their financial creditability. A log book would be recommended to keep track of every actions done by both full-time and casual staff, duty roster can also be implemented for full-time staff to take turns keeping track of action. Hence proper documentation is very crucial in back-office, keeping track of people who enters the back-office and also, keeping track of documents that have been printed and brought out of the office so that non-repudiation will be in place, preventing the culprit from denying their actions; furthermore, surveillance CCTV is recommended to be installed in the office in order to further enforce …show more content…
Physical item such as company’s stamp, RSA token and electronic devices such as laptop and phone and also, confidential documents are not locked, anyone including cleaners, casual staffs and strangers can tailgate themselves into the office and steal all these items. Trivial yet sensitive information like users’ login credential username and password who carelessly written on memos can be easily stolen on office’s table or can be used to access into the workstations to steal or send out confidential e-documents out of the office’s domain thru email. Hence surveillance CCTV should also be recommended in this area as well in order to enforce
2. Turnover of casual staff is quite large. No proper documentation of keeping track of part time stuff.
3. Remote access services are enabled on some but not all of the machines. SSH port open, attacker might try to access the SSH by bruteforcing. once the attacker cracked the SSH, they can conduct MITM for the remote access.
4. There is no centralized …show more content…
Examples like clearances, accounting and confidential document handling are back-office duties that full-time staff must undertake as casual staff may mishandle these duties such as leaking of confidential information like projects of the company, allowing competitors still steal opportunities or leaking intangible accounting data such as profit and loss of the company’s that affects their financial creditability. A log book would be recommended to keep track of every actions done by both full-time and casual staff, duty roster can also be implemented for full-time staff to take turns keeping track of action. Hence proper documentation is very crucial in back-office, keeping track of people who enters the back-office and also, keeping track of documents that have been printed and brought out of the office so that non-repudiation will be in place, preventing the culprit from denying their actions; furthermore, surveillance CCTV is recommended to be installed in the office in order to further enforce …show more content…
Physical item such as company’s stamp, RSA token and electronic devices such as laptop and phone and also, confidential documents are not locked, anyone including cleaners, casual staffs and strangers can tailgate themselves into the office and steal all these items. Trivial yet sensitive information like users’ login credential username and password who carelessly written on memos can be easily stolen on office’s table or can be used to access into the workstations to steal or send out confidential e-documents out of the office’s domain thru email. Hence surveillance CCTV should also be recommended in this area as well in order to enforce