quick case study for the cybersec folks here. got this real story in my dpo class & wanted ur thoughts.
IT guy at a bank, last day of his notice period. a trainee saw him puttin some CD-ROMs in his bag & told security. they checked him at the exit and found a full export of the bank’s top clients on the discs. guy got fired for gross misconduct & a police complaint was filed.
any red flags or stuff that stands out to u technicaly or otherwise ? i have my own ideas on this cas but curious what u guys think first?
thx 😎
Some operational security questions: What’s this trainee doing? Why was it a trainee noticing things being put in backpacks? Why was the trainee the one notifying security?
Are there protocols in place for media being brought in or out of the facility and its workstations? Why or why not? Was the trainee the only one who reviewed them recently enough to notice a breach and alert?
But most importantly and at any rate you don’t do the grand heist on the last day. Rookie move.