IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Personnel Remarks
____________________________________________________________________ .........................................
S 3.13 Increasing staff awareness of potential threats
to the PBX
Initiation responsibility: PBX officer; IT Security Management;
personnel committee/works council
Implementation responsibility: IT Security Management, Administrators
Staff members must be advised of the risks involved in the use of a digital
PBX (telecommunications facility). This could be done, for instance, by
means of a short briefing or instruction sheets. It must be borne in mind that
abnormal behaviour of a PBX should be reported. Since in case of
manipulations of a PBX installation, involvement of the PBX operator cannot
be precluded, an independent controller, such as IT Security Management or
departmental data security officers, should be informed in such cases.
Additional controls:
- Is awareness training repeated in regular intervals?
- Are new employees made aware of the possible dangers involved in PBX
operation?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000