IT Baseline Protection Manual - The Information Warfare Site

Non-Networked Systems and Clients IT-Security Management
_________________________________________________________________________________________
Infrastructure:
- S 1.33 (1) Safe keeping of laptop PCs during mobile use
- S 1.34 (2) Safe keeping of laptop PCs during stationary use
- S 1.35 (3) Pooled storage of a number of laptop PCs (optional)
Organisation:
- S 2.3 (2) Data media control
- S 2.4 (2) Maintenance/repair regulations
- S 2.9 (2) Ban on using non-approved software
- S 2.10 (3) Survey of the software held
- S 2.13 (2) Correct disposal of resources requiring protection
- S 2.22 (3) Escrow of passwords
- S 2.23 (3) Issue of PC Use guidelines (optional)
- S 2.24 (3) Introduction of a PC Checklist booklet (optional)
- S 2.36 (2) Orderly issue and retrieval of a portable (laptop) PC
Personnel:
- S 3.4 (1) Training before actual use of a program
- S 3.5 (1) Education on IT security measures
Hardware & Software:
- S 4.2 (1) Screen lock
- S 4.3 (2) Periodic runs of a virus detection program
- S 4.4 (2) Locking of floppy-disk drive slots (optional)
- S 4.27 (1) Password protection in laptop PCs
- S 4.28 (3) Software re-installation in the case of change of laptop PC user (optional)
- S 4.29 (1) Use of an encryption product for laptop PCs (optional)
- S 4.30 (2) Utilisation of the security functions offered in application programs (optional)
- S 4.31 (2) Ensuring power supply during mobile use
- S 4.44 (2) Checking of incoming data for macro viruses
Contingency Planning:
- S 6.20 (2) Appropriate storage of backup data media
- S 6.21 (3) Backup copy of the software used
- S 6.22 (2) Sporadic checks of the restorability of backups
- S 6.23 (2) Procedure in case of computer virus infection
- S 6.24 (3) PC emergency floppy disk
- S 6.27 (3) Backup of the CMOS RAM
- S 6.32 (1) Regular data backup
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000