IT Baseline Protection Manual S 2.39 Response to violations of security policies

S 2.39 Response to violations of security policies

Initiation responsibility: Head of IT Section, IT Security management

Implementation responsibility: IT Security Management

The response to violations of security policies should be laid down so as to ensure a clear and prompt response.

Investigations should be carried out to establish how and where the violation originated. Subsequently, the appropriate measures must be taken to remedy or minimise the damage caused. If required, additional loss-prevention measures must be taken. The action to be taken will depend both on the nature of the violation and on the offender.

Provisions must be laid down on who is responsible for contacts with other organisations for the purpose of obtaining information on known security flaws (cf. also S 2.35 - Obtaining information on security weaknesses of the system) or of passing on information about recently detected security breaches. Care must be taken to inform any other possibly affected units/agencies by the fastest means possible.

Additional controls:


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
July 1999