Suppose a payroll system secretly leaks a list of names of e

Suppose a payroll system secretly leaks a list of names of employees earning more than a certain amount each pay period. Who would be harmed by such a vulnerability? How could such a vulnerability come about? What controls could be instituted to counter such a vulnerability? Suppose the leakage was not just names but also employees\' identification numbers and full pay amounts. Would the people harmed or the degree of harm be different?   Why or why not? If the employees are the ones suffering the greatest harm, who should be responsible for countering this vulnerability: the employee or the employer? Why?

Solution

By any vulnerability all the employees are effected. Such vulnerability can came by unauthorized access of the database to the wrong application. We should check the leaky system code for any bug or wrong query which might be enabling to bypass the security. Yes that depends on the sensitivity of the identity of a person. For example identity of a security official guarding president is highlt sensitive. In any can both sholud collaborate to reduce the harm, at last it\'s employee who will fix it on the orders of employeer.