Good cyber and physical security can make or break companies. While of course it would be preferable that security breaches or incidents not take place at all, they don’t necessarily signal the death knell of an organization unless responded to in a poor fashion (or not at all).
Companies with a complex security response policy, which identifies the appropriate steps to take in the wake of a security problem are much better aligned to survive the process intact.
The purpose of this Security Response Policy from TechRepublic Premium is to outline the security incident response processes which must be followed. This policy will assist to identify and resolve information security incidents quickly and effectively, thus minimizing their business impact and reducing the risk of similar incidents recurring. It includes requirements for both end users and IT administrators.
From the policy:
This Security Response Policy can be customized as needed to fit the needs of your organization.
All employees, whether full-time, part-time, contract workers, consultants, part-time staff, interns and temporary workers, and other personnel are covered by this Security Response Policy. It also applies to all company-owned equipment, and employee-owned equipment used to conduct company business or material related thereto.