| ... | ... | @@ -41,6 +41,24 @@ Do you have any questions before we begin? |
|
|
|
- Can you tell me your occupation?
|
|
|
|
- Alternative: or what do you spend your time doing most?
|
|
|
|
- Could you describe what your organization does, in generic terms?
|
|
|
|
- When you have a technical problem, how do you get help?
|
|
|
|
- How often do you need help?
|
|
|
|
- How long does it take to fix a problem?
|
|
|
|
- What is most difficult when facing a technical problem?
|
|
|
|
- Does your organization provide you with equipement?
|
|
|
|
- Do you feel documents and communications are adequately protected?
|
|
|
|
- What is the most important aspect of this protection?
|
|
|
|
- What is the most important weakness of this protection?
|
|
|
|
- Could you describe the security policy of the organization?
|
|
|
|
- Did you participate in defining this policy?
|
|
|
|
- Do you fully understand all aspects of the security policy?
|
|
|
|
- Do you sometime find yourself unable to comply with the security policy?
|
|
|
|
- When working with people within the organization
|
|
|
|
- When communicating with people outside of the organization
|
|
|
|
- What prevented you from complying?
|
|
|
|
- What do you do when a service or software misbehaves and you don't know why?
|
|
|
|
- Have you looked at the threat model of your organization?
|
|
|
|
- Do you participate in the making of the threat model of your organization?
|
|
|
|
- Could you explain how your first contact with whistleblowers happen, step by step?
|
|
|
|
- Is this your only activity in the organization?
|
|
|
|
- How long have you been working for this organization?
|
| ... | ... | |
