Many faults and errors can occur in the day-to-day IT operations of an organisation. If the responsible employees are not sufficiently qualified, aware, and trained—for example, if they have an outdated level of knowledge for the tasks they perform—they may not identify security-relevant events as such and allow attacks to go undetected. Even if the employees are adequately qualified, trained, and aware of issues relating to information security, it cannot be ruled out that they may fail to recognise security incidents. In some situations (e.g. those involving staff shortages or layoffs), employees may have to temporarily take on the tasks of other employees. Errors can occur if staff members do not have the necessary qualifications or are insufficiently trained for the tasks they take on.