R&M Data Center Handbook

Recommendations

Info

www.datacenter.rdm.com The German Federal Association for Information Technology, Telecommunications and New Media (BITKOM) has compiled basic standards on IT security and risk management within the compass of their IT security standards (current edition 2009). Below are some extracts which are of particular relevance for data centers. Information Security Management System (ISMS) Security measures and monitorin g Risk mgmt Relevant standards Regulations ISO/IEC 27001 ISO/IEC 27002 ISO/IEC 27006 IT-GS (DE) ISO/IEC 18028 ISO/IEC 24762 BS 25777:2008 ISO/IEC 27005 MaRisk / MaRisk VA COSO ISO/IEC 38500 Cobit ITIL IDW PS 330 (DE) SWISS GAAP FER (CH) KonTraG (Ger) / RRG (CH) SOX / EURO SOX Basel II/III Solvency II BDSG (Ger) / DSG (CH) Enterprise type Banks/insurances ∅ ∅ ∅ ∅ ∅ Authorities/administrations ∅ ∅ ∅ ∅ Consultancy firms ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ HW/SW manufacturers ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ IT service providers ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ Public health system ∅ ∅ ∅ ∅ ∅ Law firms ∅ ∅ ∅ ∅ ∅ ∅ ∅ Skilled trades and industry ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ Service providers ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ International orientation ∅ ∅ ∅ ∅ Relevance: High ∅ Medium Low Information Security Management System (ISMS) • ISO/IEC 27001 This standard describes the basic requirement concerning the ISMS in an organization (company or public authority). It emerged from the British standard BS 7799-2. Its objective is to specify the requirements for an ISMS in a process approach. The standard primarily addresses company management and IT security managers, and secondarily implementation managers, technicians and administrators. The ISMS implementation can be audited by internal and external auditors. • ISO/IEC 27002 This is a guide to information security management. The standard emerged from the British BS 7799-1. Basically, this standard is to be applied where a need for information protection exists. The standard addresses IT security managers. • ISO/IEC 27006 Requirements for bodies providing audits and certifications of information security management systems. R&M Data Center Handbook V2.0 © 08/2011 Reichle & De-Massari AG Page 29 of 156
www.datacenter.rdm.com • IT Baseline Protection Since 1994, the Federal Office for Information Security (BSI) in Germany has been issuing the IT Baseline Protection Manual, which provides detailed descriptions of IT security measures and requirements for the IT security management. In 2006 the manual was adapted to international standards, rendering it fully compatible with ISO/IEC 27001 while also incorporating the recommendations specified in ISO/IEC 27002. ISO/IEC 27001 certification based on IT baseline protection can be applied for with the BSI. Security Measures and Monitoring The following standards deal with enhancing IT network security. IT network security is not restricted to internal corporate networks, but also includes the security of external network access points. A selection of standards follows below. • ISO/IEC 18028 (soon 27033) The objective of this standard is to focus on IT network security by specifying detailed guidelines aimed at different target groups within an organization. It includes security aspects in the handling, maintenance and operation of IT networks plus their external connections. The standard comprises five parts: 1. Guidelines for network security 2. Guidelines for the design and implementation of network security 3. Securing communications between networks using Security Gateways 4. Remote access 5. Securing communications between networks using Virtual Private Networks (VPN) • ISO/IEC 24762 This standard provides guidelines on the provision of information and communications technology disaster recovery (ICT DR) services. It includes requirements and best practices for implementing disaster recovery services for information and communications technologies, for example emergency workstations and alternate processing sites. • BS 25777:2008 The objective of this standard is to establish and maintain an IT Continuity Management system. Risk Management • ISO/IEC 27005 This standard provides guidelines for a systematic, process-oriented risk management system that supports the requirements for a risk management in accordance with ISO/IEC 27001. • MaRisk / MaRisk VA The Minimum Requirements for Risk Management (MaRisk) for banks were first issued in 2005 by the German Federal Financial Supervisory Authority (BaFin). They include requirements for IT security and disaster recovery planning. In 2009 another edition was published, which was expanded to include insurance companies, leasing and factoring companies (MaRisk VA). Relevant Standards • COSO The COSO model was developed by the organization of the same name (Committee of Sponsoring Organizations of the Treadway Commission). It provides a framework for internal control systems and describes: o o o o o A method for introducing the primary components of an internal control system, e.g. the control environment in a company Risk evaluation procedures Specific control activities Information and communication measures in a company Measures required for the monitoring of the control system COSO is the basis of reference models like Cobit and facilitates their introduction. Page 30 of 156 © 08/2011 Reichle & De-Massari AG R&M Data Center Handbook V2.0
Page 1 and 2: R&M Data Center Handbook
Page 3 and 4: www.datacenter.rdm.com Table of Con
Page 5 and 6: www.datacenter.rdm.com 4. Appendix
Page 7 and 8: www.datacenter.rdm.com File Server
Page 9 and 10: www.datacenter.rdm.com Storage Arch
Page 11 and 12: www.datacenter.rdm.com • Yahoo!:
Page 13 and 14: www.datacenter.rdm.com Cabinet syst
Page 15 and 16: www.datacenter.rdm.com 1.10. Energy
Page 17 and 18: www.datacenter.rdm.com 1.12. Securi
Page 19 and 20: www.datacenter.rdm.com In general,
Page 21 and 22: www.datacenter.rdm.com 2. Planning
Page 23 and 24: www.datacenter.rdm.com Typology bas
Page 25 and 26: www.datacenter.rdm.com 2.2.2. Class
Page 27 and 28: www.datacenter.rdm.com For cabling
Page 29: www.datacenter.rdm.com 2.3.2. IT Ri
Page 33 and 34: www.datacenter.rdm.com Depending on
Page 35 and 36: www.datacenter.rdm.com 2.3.6. Poten
Page 37 and 38: www.datacenter.rdm.com The followin
Page 39 and 40: www.datacenter.rdm.com Moreover, th
Page 41 and 42: www.datacenter.rdm.com 2.4.3. Expec
Page 43 and 44: www.datacenter.rdm.com There are se
Page 45 and 46: www.datacenter.rdm.com 2.5. Aspects
Page 47 and 48: www.datacenter.rdm.com 3. Data Cent
Page 49 and 50: www.datacenter.rdm.com ENI: Externa
Page 51 and 52: www.datacenter.rdm.com 3.1.4. TIA-9
Page 53 and 54: www.datacenter.rdm.com Individual a
Page 55 and 56: www.datacenter.rdm.com 3.3. Network
Page 57 and 58: www.datacenter.rdm.com Aggregation
Page 59 and 60: www.datacenter.rdm.com The differen
Page 61 and 62: www.datacenter.rdm.com 3.4.2. End o
Page 63 and 64: www.datacenter.rdm.com 3.4.4. Two R
Page 65 and 66: www.datacenter.rdm.com In contrast
Page 67 and 68: www.datacenter.rdm.com 3.5. Data Ce
Page 69 and 70: www.datacenter.rdm.com In buildings
Page 71 and 72: www.datacenter.rdm.com Higher tempe
Page 73 and 74: www.datacenter.rdm.com The server c
Page 75 and 76: www.datacenter.rdm.com Tray The adv
Page 77 and 78: www.datacenter.rdm.com Fire and Lig
Page 79 and 80: www.datacenter.rdm.com Vandalism, T
Page 81 and 82:
www.datacenter.rdm.com Server (Sing
Page 83 and 84:
www.datacenter.rdm.com The key perf
Page 85 and 86:
www.datacenter.rdm.com Storage Solu
Page 87 and 88:
www.datacenter.rdm.com Router A rou
Page 89 and 90:
www.datacenter.rdm.com A GBIC modul
Page 91 and 92:
www.datacenter.rdm.com 3.6.6. Trend
Page 93 and 94:
www.datacenter.rdm.com Classic Stru
Page 95 and 96:
www.datacenter.rdm.com 3.7.3. Trend
Page 97 and 98:
www.datacenter.rdm.com Layer 1 - Ph
Page 99 and 100:
www.datacenter.rdm.com Although the
Page 101 and 102:
www.datacenter.rdm.com All optical
Page 103 and 104:
www.datacenter.rdm.com Trend Server
Page 105 and 106:
www.datacenter.rdm.com 3.8.4. Fibre
Page 107 and 108:
www.datacenter.rdm.com The InfiniBa
Page 109 and 110:
www.datacenter.rdm.com Shortest Pat
Page 111 and 112:
www.datacenter.rdm.com 3.9.1 Coax a
Page 113 and 114:
www.datacenter.rdm.com Since old ca
Page 115 and 116:
www.datacenter.rdm.com The closenes
Page 117 and 118:
www.datacenter.rdm.com R&M’s visu
Page 119 and 120:
www.datacenter.rdm.com The followin
Page 121 and 122:
www.datacenter.rdm.com As already m
Page 123 and 124:
www.datacenter.rdm.com According to
Page 125 and 126:
www.datacenter.rdm.com Summary Desp
Page 127 and 128:
www.datacenter.rdm.com Two examinat
Page 129 and 130:
www.datacenter.rdm.com The criteria
Page 131 and 132:
www.datacenter.rdm.com Adapters The
Page 133 and 134:
www.datacenter.rdm.com Method R Met
Page 135 and 136:
www.datacenter.rdm.com Methode B Re
Page 137 and 138:
www.datacenter.rdm.com PD Operation
Page 139 and 140:
www.datacenter.rdm.com The investig
Page 141 and 142:
www.datacenter.rdm.com Thanks to th
Page 143 and 144:
www.datacenter.rdm.com The permanen
Page 145 and 146:
www.datacenter.rdm.com The intersec
Page 147 and 148:
www.datacenter.rdm.com Alien crosst
Page 149 and 150:
www.datacenter.rdm.com The Cat. 7 A
Page 151 and 152:
www.datacenter.rdm.com With the “
Page 153 and 154:
www.datacenter.rdm.com Stress condi
Page 155 and 156:
www.datacenter.rdm.com Immunity aga
Page 157 and 158:
www.datacenter.rdm.com 4. Appendix
show all

R&M Data Center Handbook

Create successful ePaper yourself

Delete template?

Save as template?