S 3.13 Increasing staff awareness of potential threats to the PBX

Initiation responsibility: Personnel/Supervisory Board, IT Security Officer, PBX System Manager

Implementation responsibility: IT Security Officer, Administrator

The employees must be informed of the threats associated with the use of a digital PBX system. This may be performed with the help of brief instruction or leaflets, for example. It must be pointed out that any abnormal behaviour of the PBX system must be reported. In the event of manipulations to the PBX system, an independent control authority such as the Security Management or the Data Protection Officer should be informed.

Review questions:

• Is there are provision regarding sustainably raising the users' awareness for IT security aspects?
• Indications of security incidents: Is there a provision regarding the processes of reporting and verifying potential security incidents?