IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

Safeguard Catalogue - Organisation Remarks<br />

____________________________________________________________________ .........................................<br />

S 2.188 Security guidelines and rules for the use of<br />

mobile phones<br />

Initiation responsibility: Head of <strong>IT</strong> Section, <strong>IT</strong> Security Management<br />

Implementation responsibility: Head of <strong>IT</strong> Section, <strong>IT</strong> Security Management<br />

A number of different ways of protecting mobile phones against misuse are<br />

available. In order that the methods are also used, a set of security guidelines<br />

specifying all the security mechanisms to be implemented should be drawn up.<br />

In addition, a short and clear instruction sheet covering the secure use of<br />

mobile phones should be prepared for the users.<br />

Data classes found<br />

As soon as a mobile phone is switched on, it registers itself with the network<br />

provider through the nearest base station. At the network provider, data on the<br />

identity of the user, the serial number of the mobile phone and the identity of<br />

the base station over which registration has occurred is logged and stored.<br />

This is done even if no conversation takes place. Moreover, every time a<br />

number is dialled this event is stored, irrespective of whether a connection is<br />

established or not.<br />

<strong>The</strong> classes of data generated during use of mobile phones fall into three<br />

rough categories:<br />

- Inventory data (or master data) is data which is permanently held in a<br />

service or network and is kept available. This includes the call number and,<br />

if necessary, the name and address of the subscriber, information about the<br />

type of terminal device, if appropriate any features and authorisations<br />

relevant to the connection as well as data about the assignment of<br />

subscriber groups.<br />

- Content data is the real "useful data", i.e. the information and messages<br />

transmitted.<br />

- Call data provides information about the detailed instances of<br />

communication. This includes data on communication partners (e.g. call<br />

numbers of the calling and called connection), time and duration of the<br />

connection, system services used, connections used, lines and other<br />

technical facilities, services and, in the case of mobile services, the location<br />

IDs of the mobile terminals.<br />

Recommendations are provided below as to how this data can be protected<br />

against misuse.<br />

<strong>Protection</strong> against card misuse<br />

<strong>The</strong> mobile phone and SIM card must always be kept safe. <strong>The</strong>y should never<br />

be left unattended during business trips. In particular they should not be left in<br />

parked vehicles.<br />

Mobile phones and related services offered can be protected at various points<br />

by means of PINs and passwords. <strong>The</strong>se include:<br />

- access to the SIM card,<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!