S 2.306 Reporting losses

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: User

The failure, malfunctioning, destruction, or theft of an IT system should be reported immediately. There should be clear reporting paths and contact persons in every organisation for this purpose. This also applies to mobile data media. Even defective low-price data media should be reported so that IT management can determine whether large deliveries of the data media are affected by the defect. A high level of reliability and a long service life are especially important for the data media used for data backups and archiving purposes. When a theft has occurred, action must be taken quickly since it is not just a matter of buying another device, but also a matter of preventing the possible misuse of the corresponding information.

Confidential data whose loss requires action to be taken can be found on laptops, PDAs, and similar devices, but also on mobile data media such as USB sticks, for example:

The subsequent reappearance of long-lost devices or data media is not just a reason to celebrate, but also a reason to think about why they suddenly reappeared. Before the devices or data media are re-used for the first time, they should be examined to see whether they have been tampered with (e.g. whether screws have been taken out or seals removed). Furthermore, the software on the devices should be reinstalled to ensure that they do not contain any manipulated programs (see also S 4.28 Software reinstallation in the case of change of laptop users). Lost data media that have been found again should be handled with the same care since they may contain malware.

Review questions: