The original posting question: How should organizations respond to information system security threats?
The most vital step is for the organization to recognize that security threats are real - and initiate a defense. Policies and procedures must exist on how information systems will be managed, what protocol are utilized to monitor security violations, along with possible disciplinary and/or termination action if employees are involved in breaches.
Organizations should treat security threats as plausible and initiate a defense. In order to have an appropriate level of defense to any threat, the first step would be to have a clearly defined policy on how such circumstances will be managed and by whom. For example, if ...
This solution is about 200 words and provides recommendations for how an organization should respond to security threats of its information systems.