IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.203 Establishment of a pool of information on IT
security
Initiation responsibility: IT Security Management Team
Implementation responsibility: Management, IT Procedures Officer
Now that IT is used widely, traditional work routines are undergoing a
transformation which requires not only adaptation of organisational structures
but also a change in the skills and competence of staff.
It is therefore not sufficient just to compile the necessary rules together from
an objective point of view, but active steps must also be taken using didactic
techniques to change the skills and competence of staff. IT security awareness
promotion and training programmes can assist with this, but at the same time
the opportunities presented by the new technologies should also be used to
make the necessary information available at the workplace in a contextspecific
manner. With this objective in mind, the BSI has created an IT
Security information desk ("Info Desk") which makes general information,
key security policy statements and specific guidelines available online over a
graphical user interface in the Intranet of an organisation.
A demo version of this "Info Desk" will be found on the CD-ROM for the
manual (see appendix on Additional Aids, German version only). The
application is designed so that it can be adapted to the particular circumstances
of different agencies or companies. The BSI offers support with setting this up
through a set of correspondence course lessons. Beginning with modification
of the user interface to reflect the organisation's corporate identity, over a
cycle of 18 months the organisation’s own information security policy and
specific IT security concepts are integrated into the Info Desk. The
correspondence course lessons are sent out by e-mail, which is also used for
experience sharing. Further information may be obtained from
schulung@bsi.de.
Additional controls:
- Has a pool of information on IT security been set up on the Intranet?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000