IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Personnel Remarks
____________________________________________________________________ .........................................
S 3.14 Briefing personnel on correct procedures of
exchanging data media
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT Security Management
Inadequate briefing and instruction of employees often causes restrictions on
the forwarding of information to be ignored or neglected. Consequently, the
persons involved in the exchange of data media should on all accounts be
informed of specifications as to which communications partners should
receive which data when (S 2.42 Determination of potential communications
partners). Furthermore, the fundamental steps comprising the exchange of
data media are to be defined (as work regulations, if required) and adherence
to them made obligatory for employees.
Employees involved in the exchange of data media are also to be familiarised
with threats which could materialise before, during or after the transport of
data media, as well as the safeguards required to avert these threats.
If certain IT-supported procedures are used to protect data while it is being
exchanged (e.g. encryption or checksums), employees involved in the
exchange of data must be briefed adequately on handling these procedures.
Additional controls:
- Are all employees authorised for communication aware of the related
regulations?
- Are employees familiar with encryption or checksum procedures being
implemented?
- Are the persons responsible for the exchange of data media sufficiently
aware of the potential threats involved?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000