19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation Remarks

Finally, all members of staff should be made aware of the fact that commitment, co-operation and responsible behaviour are expected of them not only with regard to the fulfilment of tasks in general, but also with regard to the fulfilment of the "IT security" task.

6. Drawing up additional IT system security policy documents

Separate IT system security policy documents should be prepared for IT systems or IT services which are located in a security-critical area, whose configuration is complex or which are relatively complex to use. Examples here include system security policy documents for firewalls, anti-virus protection measures, the use of e-mail or the use of the Internet (see appendix on Additional Aids (in German)). The IT system security guidelines should contain:

- a description of the functionality of the system, the external interfaces and the requirements relating to the operational environment;

- a description of the threats against which the system is to be protected;

- a description of the actions which persons or technical processes may perform on data or programmes;

- a description of the protection requirements for the system objects;

- a description of the residual risks which the operator of the system can accept;

- all the safeguards which are to be implemented in the system to counter the threats;

- all the known vulnerabilities of the system.

Additional controls:<br />

- Has the Information Security Policy been distributed to all staff affected?

- Are new members of staff referred to the Information Security Policy?

- Is the Information Security Policy updated at regular intervals?

- For which IT systems are there separate IT system security policy documents?

IT-Baseline Protection Manual: October 2000
