IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection in the Area of Infrastructure
_________________________________________________________________________________________
4.3.1 Offices
Description
An office is a room where one or several staff members are
present in order to fulfil their duties, possibly including ITsupported
tasks. Such duties may cover a wide variety of
tasks: production of documents, processing of files and lists,
conferences and telephone calls, reading of records and other
documents, etc.
However, if an office is used primarily for keeping archives
of data media, reference is also to be made to Chapter 4.3.3, "Data Media Archives". If a server (LAN;
PBX, or the like) is installed in an office, the safeguards in Chapter 4.3.2 (server room) should also be
observed.
Threat Scenario
The following typical threats (T) are assumed as regards IT baseline protection of an office:
Organisational Shortcomings:
- T 2.1 Lack of, or insufficient, rules
- T 2.6 Unauthorised admission to rooms requiring protection
- T 2.14 Impairment of IT usage on account of adverse working conditions
Human Error:
- T 3.6 Hazards posed by cleaning staff or outside staff
Deliberate Acts:
- T 5.1 Manipulation or destruction of IT equipment or accessories
- T 5.2 Manipulation of data or software
- T 5.4 Theft
- T 5.5 Vandalism
Recommended Countermeasures (S)
To implement IT baseline protection, selection of the required packages of safeguards ("modules"), as
described in Sections 2.3 and 2.4, is recommended.
In the following, the safeguard package for "Office" is set out:
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000