History

Priority

should

Nov 2018

Removed

Removed due to a merge of relevant content into security control 0922.

2017

Agencies should:• encourage personnel to note and report any observed or suspected security weaknesses in,or threats to, systems or services• establish and follow procedures for reporting software malfunctions• put mechanisms in place to enable the types, volumes and costs of cyber security incidents• and malfunctions to be quantified and monitored• manage the violation of information security policies and procedures by personnel througha formal disciplinary process.

2015

Agencies should:• encourage personnel to note and report any observed or suspected security weaknesses in,or threats to, systems or services• establish and follow procedures for reporting software malfunctions• put mechanisms in place to enable the types, volumes and costs of cyber security incidentsand malfunctions to be quantified and monitored• manage the violation of information security policies and procedures by personnel througha formal disciplinary process.

2010

Agencies should:• encourage personnel to note and report any observed or suspected security weaknesses in, or threats to,systems or services• establish and follow procedures for reporting software malfunctions• put mechanisms in place to enable the types, volumes and costs of cyber security incidents andmalfunctions to be quantified and monitored• deal with the violation of information security policies and procedures by personnel through a formaldisciplinary process.

2008

Agencies should: a. encourage staff members to note and report any observed or suspected security weaknesses in, or threats to, systems or services b. establish and follow procedures for reporting software malfunctions c. put mechanisms in place to enable the types, volumes and costs of ICT security incidents and malfunctions to be quantified and monitored d. deal with the violation of agency ICT security policies and procedures by staff members through a formal disciplinary process.