The breach of a bank's information security policy could result in both strict

punitive actions and disciplinary measures. Therefore, the correct answer is c) a&b
both.

Banks take information security very seriously due to the sensitive nature of the
data they handle, such as customer financial information. When a breach of the
bank's information security policy occurs, the consequences can be severe. Here's
an explanation of each option:

a) Strict punitive actions: Banks may enforce strict punitive actions against
individuals or entities responsible for the breach. This can include legal actions,
fines, penalties, or other forms of punishment imposed by regulatory authorities or
law enforcement agencies. The severity of punitive actions can vary depending on
the nature and extent of the breach, as well as applicable laws and regulations.

b) Disciplinary measures: Internally, the bank may take disciplinary measures

against employees or third parties involved in the breach. This can include
reprimands, suspensions, termination of employment or contracts, or other
disciplinary actions based on the bank's policies and procedures. Disciplinary
measures are intended to hold individuals accountable for their actions or
negligence that led to the breach.

By combining these options, c) a&b both, it acknowledges that both strict punitive
actions and disciplinary measures can be applied simultaneously or in different
contexts following a bank's information security policy breach.

It's important for banks to enforce these consequences to deter future breaches,
protect customer trust, maintain regulatory compliance, and uphold the
confidentiality, integrity, and availability of sensitive financial information.