IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.202 Preparation of an IT Security Organisational
Manual
Initiation responsibility: IT Security Management Team
Implementation responsibility: Head of Organisational Section
During the IT security process not only are the documents mentioned in the
present safeguards produced but during the implementation phase additional
rules covering either the entire organisation or particular jobs are developed.
Procedural rules or instructions on actions to be taken are written, and these
must be available to every employee as the basis for his actions or omissions
at the workplace. These rules must be compiled and made available in a
suitable form to each target group. Whereas documentation of the IT security
process is an essential tool for the IT Security Management Team, the IT
Security Organisational Manual serves as a set of guidelines for all staff
affected by the IT security process. In practice, sections of these
recommendations are used under names such as "PC Guidelines" or "IT User
Guidelines". Different rules, which are geared towards the same key
statements but also contain information on rights and duties which are specific
to a given function, are needed by different target groups within the
organisation. In this way sets of guidelines which specify tasks and
responsibilities for different target groups are prepared. Such guidelines could
be structured together with superordinate chapters in an IT Security
Organisational Manual as shown below:
IT Security Organisational Manual
Chapter 1 Information Security Policy of the organisation
Chapter 2 IT security guidelines derived from the ISP
2.1 IT systems
2.2 IT applications
Chapter 3 IT Security Management
3.1 Organisational structure
3.2 IT security-specific tasks
3.3 Responsibilities for meeting security
requirements
3.4 Operational structure for the proper and secure
use of IT facilities
3.5 Strategic elements of IT security management
Chapter 4 Guidelines on IT security
4.1 Guidelines for IT users
4.2 Guidelines for IT administrators
4.3 Guidelines for technical managers
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
...
4.n Rules for other responsibilities