During a recent computer system/network review of HaTiMu Ltd, the following issues were identified:
1. computer staff are allowed unrestricted and unmonitored access to the internet,
2. all company staff are allowed free access to the offices in which the main computer facilities are located,
3. access to software programs is restricted by the use of a company password which is posted on the company’s intranet site (for security purposes the password is changed every three months),
4. all e-mails are monitored for key words (attachments to e-mails are not monitored).
Identify a risk exposure that each of the above issues present. For each of the above, give an example of the security procedure/control protocol that should exist and list one or more factors that could cause the risk exposure to be relatively high.