S 2.39 Response to violations of security policies
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: IT Security Officer
The approach to be followed when security policies are violated should be defined in order to guarantee a clear and prompt response.
An investigation should be conducted to determine how and where the violation occurred. Afterwards, appropriate measures must be taken to eliminate or minimise the damage caused. If necessary, additional damage prevention safeguards must be implemented. The actions to be taken depend on the type of violation and on the perpetrator.
It must be specified who is responsible for contacting other organisations to obtain information on known security gaps (see also S 2.35 Obtaining information on security weaknesses of the system) or to pass on information regarding security gaps that have been recently discovered. It must be ensured that all other bodies that could be affected by the security gaps are informed as quickly as possible (see module S 1.8 Handling of security incidents).
Review questions:
- Is there a clearly defined approach to follow in the event of suspected security policy violations?