Risk Analysis and Final Presentation
207
assistants who watch the offices for the most part, but there are times when the
offices are left unattended. In addition, although physical security measures exist
upon entering the building, no physical security measures are present once in the
building. Because of the sensitivity of the documents that these executives have, this
is an issue for the company. This finding can be worded in different ways and each
would have a different effect.
First, it can be worded as follows:
•
Ver sion 1:
In offices of key executives, sensitive documents are routinely
out in the open on desks. These documents are often not locked in cabinets.
Offices are not locked when executives are not present, resulting in anyone
being able to gain unauthorized access to sensitive documents.
•
Ver sion 2:
Sensitive documents are not properly locked up in key offices
of the company. These offices are often left open where anyone can gain
unauthorized access to these documents.
•
Ver sion 3:
In key offices, not all sensitive documents are properly secured
in locked cabinets. Although assistants or other support people normally
watch these offices, some brief instances occur where the offices are left
open and unattended, allowing anyone to walk in and access the sensitive
documents. Although physical security exists at the perimeter to control
who can enter the building, once in the building, people can walk relatively
freely.
Each of the three findings above illustrates the core point that sensitive docu-
ments are left exposed. However, each of the findings would probably be received
differently. Let us critique each one and note the differences:
•
Ver sion 1 —
Although this one communicates the point, it openly singles
out a group of people — the ones who are the final audience of the report.
It is possible that they
probably did not observe the whole company and
cannot say definitively that it is only the executives that are guilty of this.
In addition, the wording makes it sound as though all of the documents
are left out in the open and nothing is locked up, which is not true. Finally,
the finding also says that anyone can gain access to these offices and
ignores the fact that these offices are mostly watched and that physical
security measures control who can enter the building.
•
Ver sion 2 —
Like the first finding, this one also communicates the issue
of sensitive documents being at risk. This one, however, in the first
sentence, acknowledges that it is not all documents that are not locked
up. Like the first finding, this wording does not account for the fact that
these offices are mostly watched and that physical security measures
control access into the building.
•
Ver sion 3 —
This is the most appropriately worded of the three. The
wording of this finding not only communicates the nature of the finding —
that unauthorized individuals can gain access to sensitive documents — it
AU1706_book.fm Page 207 Tuesday, August 17, 2004 11:02 AM