Problem:
You are an IT manager in an organization. During a routine check of the log files on network usage, you find that one of the users Donald is using the network to access files from the server every day for 2 to 3 hours after regular working hours. You meet Donald in the cafeteria the next day and tell him not to work after regular hours. Donald is surprised and says that he very rarely works long hours. It's clear to you that someone has hacked on to the network and used Donald's credentials to access the servers. You find the culprit on further investigation. How will you react to the situation based on your responsibilities as an IT manager? In this situation which policy should the organization follow?