Professional Documents
Culture Documents
2019itec854 45547912
2019itec854 45547912
2019itec854 45547912
Led by the Technical Manager, the functionality of the Technical team of SPARQ is interrelated to the
Production Team and R&D team.
Finance Team:
Person Responsible:
CFO
Resources and
HR Technical Team Technical support Production Team
Hiring Requirements
Person Responsible: Person Responsible: Person Responsible:
HR Manager Technical Manager Production Manger
R&D
Person Responsible:
R&D Manager
Information Assets:
1. Technical Logs: Technical logs are generated by the technical team during testing and
troubleshooting the hardware developed by the production team. These logs keep detailed
information about the various hardware components, their workings and events leading to
failure of components. Examination of these logs facilitates product troubleshooting and
are used to aid the production team in development.
Consequently, these logs are considered an information asset by the company because if
acquired by competitors, these logs can be used to gain insight of products under
development.
Troubleshooting
Manufactured by Manufacturing Technical Logs
Hardware Team
Improving the
Existing QoS provided by Modified
Procedures Technical Team Procedures
Modification
Threats Scenarios
1. Unauthorized access to documents (External): The threat that an external threat actor will try
to gain access to confidential company documents is omnipresent. If a hacker is successful in
gaining access to the Technical Logs or Technical Procedures, their confidentiality is breached. In
the scenario where the hacker decides to tamper with the documents, the integrity of the documents
is also compromised.
Vulnerabilities - Version control of documents is not present, and firewall is not properly
implemented.
Information asset affected - Technical Logs, Technical Procedures.
Controls - Implementing proper firewall and version control for the documents.
3. Improper logging of data: The possibility of improperly logging data in the technical logs can
be very high if personnel are overworked, sleep-deprived or have attention lapse. Because these
logs are used for troubleshooting and maintenance of the products, if improper data is
implemented, the consequences could be severe; the operation of machines can be affected, and
accidents can occur.
Vulnerabilities - Implementation without verification.
Information Asset affected - Technical Logs.
Controls - Multistage verification and signoffs of the documents before implementation.
4. Natural Disasters/Fire: In case of a natural disaster or fire, there exists the possibility of paper
documents being destroyed.
Vulnerabilities - No back-up of paper documents.
Information Asset affected - Technical Logs.
Controls - Keeping back-ups of paper documents in multiple secure locations (bank vaults) off-
site.
5. Virus attack: The threat of a virus attack on the company computers is ever present. If a major
virus attack takes place, the digitised Technical Logs may be rendered inaccessible.
Vulnerabilities - Good antivirus not available/Antivirus not updated.
Information Asset affected - Technical Logs.
Controls - Keeping antivirus updated.
6. Disk Failure: Hardware are susceptible to getting damaged. In case of a disk failure, the threat
of losing digitised Technical Logs is a possibility.
Vulnerabilities - Back-up of digitised files is not kept.
Information Asset affected - Technical Logs.
Controls - Keep encrypted back-up on the cloud.