Thank you for contacting me about the security breach at your data center. I understand the frustrations you are facing. I have created a preliminary report of the security issues at your facilities.
The procedures at your facilities is extremely lax and many of your policy’s need to be updated quickly to prevent additional problems.
Here is a quick list of the most urgent issues:
Critical controls where located in unsecure locations allowing the intruders to access the critical functions and areas.
Corrective Actions: All critical controls should be in secure locations. They should be monitored by surveillance cameras and have access control. Make sure all access doors are closed and secure. Make sure command center officers know how to respond to alarms and unauthorized access.
Security personnel where severely unprepared for a possible attack. Security protocols looked disabled or not being followed.
Corrective Actions: Proper training and written procedures would have made sure officers were prepared for attacks. Simulated attacks will also prepare your officers to handle stressful situations. Working with local authorities will also help when being attacked, if they know how your facility is managed they can help minimize shady characters lurking on you perimeters.
Lack of surveillance devices limited situational awareness.
Corrective Actions: Looking out windows is a poor way to see what is happening in you high security facility. Proper camera placement and software analytics will provide quick updates to unauthorized access and intruders.
Giant At-At walkers on a planet of small islands and large bodies of water. Limiting their affective use.
Corrective Actions: The use of the large 4 legged walkers was ill-suited for that environment. The smaller 2 legged walkers would have been better suited for that environment.
No card readers or biometrics on the doors.
Corrective Actions: Suggest securing the doors with card readers that utilize an identification card or biometrics. This prevents unauthorized access at the perimeter access points. For secure areas I suggest dual layer access requirements. Examples would be dual person access or access card with biometric confirmation.
Landscaping and leaving containers laying around provided optical cover for attacking intruders.
Corrective Actions: Have maintenance personnel maintain a minimum site line of 50’ from the building of all landscaping. Poor housekeeping procedures allowed intruders to hide and use as cover while attacking. Once unpacked get rid of all shipping material ASAP. If shipping containers are waiting to be emptied they should be stored in a secure guarded location until the contents are confirmed and emptied.
Physical data storage not properly protected. Data retrieval device was not secure. Glass enclosure was not blaster proof. Secondary protection was nonexistent.
Corrective Actions: Access to the data storage area was not secure. The data center command center was not designed correctly to protect said data. The intruders where able to access the control room and then shoot the glass barrier then jump to the storage array. They then where able to remove a drive without a security key. Then the where allowed access to the outside data transfer point, once again in a unsecure location.
Asset management is sloppy. They allowed a stolen strategy robot to continue to have access to their network. As well as allowing a stolen mining ship access to the planet’s surface.
Corrective Actions: Asset management needs a massive overhaul. When an asset is reported missing the credentials of that asset should be removed immediately. Vehicle access control should be a priority. An unauthorized ship was allowed through the force field. A daily delivery/tracking log should be implemented ASAP. A procedure for ships not on the daily report should be created ASAP. It is my suggestion that ships not on the daily report be quarantined on the secure side of the force field. This simple procedure would have prevented the theft of your critical data.
A security detail inspecting a ship disappears and doesn’t raise any red flags, clearly a supervisor error.
Corrective Actions: Security procedures should state that when an inspection crew does not report in with-in minutes of first contact on an unexpected ship, then an alert should be sent out.
Unauthorized access in a secure facility.
Corrective Actions: The Empire’s instance that personnel wear helmets hiders quick identification procedures. I would recommend that a Photo ID badge program be implemented immediately. This ID card would be used to control access to the facility. It would also be utilized by security personnel to ID intruders. Recommend all personnel remove all helmets and covers while inside the facility. This will eliminate an intruder from hiding in plan site and compromising your security procedures.
I will follow up with a detailed report shortly. Please feel free to contact me if any assistance is needed in implementing any of the above procedures. I can be reached at email@example.com