IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
Basic:
- Confidentiality of information is not required.
- Errors can be tolerated, provided they do not render the fulfilment of
tasks impossible.
- Long-term failure should be avoided, moderate periods of downtime
are, however, acceptable.
Summary: damage causes only minor disruption within the
agency/company.
Achievement and maintenance of a given degree of IT security requires a
corresponding effort. Therefore when specifying the IT security level for a
given organisation, care should be taken to ensure that the costs associated
with attaining this level are appropriate to the circumstances and are also
affordable.
The diagram below is intended to illustrate the relationship between
financial outlay and the aspired-to level of IT security. The diagram
conveys an idea of the personnel, time and monetary resources required to
achieve the IT security level. As a point of orientation, the financial outlay
in private industry for IT security per year is an average of 5% of the total
IT investment.
niedrig
mittel
Text zum Bild:
Security
Basic - Moderate -
High - Maximum
Baseline protection
[Grundschutz]
Enhanced [erhöht]
hoch
maximal
Grund schutz erhöht maximal
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
Cost-effectiveness
Cost-benefit trade-off