Cris Simpson edited this page Jan 7, 2023 · 2 revisions

Two concerns:

  • Access to data held by PDP systems
  • Enabling access to PAWS's Salesforce instance

  1. Who would be in a position to detect a breach?

  1. How would one detect a breach - what would it look like?

  1. What are the ways to access the system/data?
    - Log into website (Password leak, brute-forcing, exploit login process)
    - Via CfP k8s administrative access
    - Via PAWS Salesforce instance

  1. Which access methods would most easily allow access by an unauthorized person?
    - PDP website has only password protection (no TOTP, 2FA, IP whitelists)

  1. What data could be collected? What would the value be?
    - PDP: Names, addresses, email addresses
    - PAWS SF: ?

  1. How can we minimize the data available within PDP to unauthorized users?
    - We could truncate all tables (except volgistics) after the match and push process

  1. Assuming a detected breach, who at PAWS should be contacted?

  1. What actions should be taken if a breach is detected?