During a recent computer system/network review of HaTiMu Ltd, the following issues were identified:
§ computer staff are allowed unrestricted and unmonitored access to the internet,
§ all company staff are allowed free access to the offices in which the main computer facilities are located,
§ access to software programs is restricted by the use of a company password which is posted on the company’s intranet site (for security purposes the password is changed every three months),
§ all e-mails are monitored for key words (attachments to e-mails are not monitored).
Identify a risk exposure that each of the above issues present. For each of the above, give an example of the security procedure/control protocol that should exist and list one or more factors that could cause the risk exposure to be relatively high.