Security Incident Policy Violation workflow template

The Security Incident - Policy Violation - Template allows you to perform a series of tasks designed to handle security policy violations.

Before you begin

Role required: sn_si.write

About this task

The workflow is triggered when the Category in a security incident is set to Policy violation. This action causes a response task to be created for the first activity in the workflow.

Policy Violation Template

Procedure

  1. Open the security incident for the policy violation, or create a new security incident.
  2. In Category, select Policy violation.
  3. Save the record.
  4. Scroll down and open the Response Tasks related list.
    The first of a series of response tasks appears. Each time the record is saved, your response to the previous task either causes the next response task to be created or the workflow to end.
    Table 1. Response tasks in Policy Violation Template

    Response task: Classify violation
    Action: Classify how this infraction violates your organization's security policies. Update the State field in the task after you have completed it.
    Results: The Advise violator of infraction response task is created.

    Response task: Advise violator of infraction
    Action: Communicate the nature of the infraction to the violator. Update the State field in the task after you have communicated it.
    Results: The Obtain acknowledgement from violator response task is created.

    Response task: Obtain acknowledgement from violator
    Action: Obtain an acknowledgement from the violator of the infraction. Update the State field in the task as appropriate.
    Results: The HR process response task is created.

    Response task: HR process
    Action: Communicate all necessary information about this violation to HR. Update the State field in the task as appropriate.
    Results: The Set state to review response task is created.

    Response task: Set state to review
    Action: No action is necessary.
    Results: The State of the security incident is changed automatically to Review.

    Response task: Schedule security awareness training
    Action: Conduct a security awareness training to educate staff on how to prevent similar security violations in the future. Update the State field in the task as appropriate.
    Results: If you change the state of the task to Closed Complete or Cancelled, the workflow ends.