19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks

S 5.10 Restrictive granting of access rights

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

Access rights to data held on the hard disk of the network server must be allocated on a restrictive basis: each user will be authorised to have access only to those files needed for the performance of his tasks. In turn, the access rights will be confined to the required type of access (see also S 2.5 Division of responsibilities and separation of functions, S 2.7 Granting of (system/network) access rights and S 2.8 Granting of (application/data) access permissions). Thus, for instance, it will very rarely be necessary to grant write access to programme files.

In most cases, it is possible to have access to files in sub-directories if such rights exist for parent directories (inheritance). This implies that access rights at the highest level (volume level) should be granted only on a very restrictive basis. Particularly when installing new software products, the granting of rights should be revised.

If the PCs are provided with floppy disk drives, particular importance should be attached to the restrictive allocation of rights.

If little storage space is provided on a network server, the maximum memory capacity which a user may occupy on the network server can be restricted (disk quota).

Additional controls:

- Is it possible, on the basis of the documentation on the rights structure, to verify that only the minimum rights required have been granted?
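
One way to carry out the check in the additional control above against a documented rights structure, as an added example that is not part of the manual. The user names, paths, the r/w notation and the REQUIRED/GRANTED tables are constructed assumptions; inheritance is modelled as the union of the grants on a directory and on all of its parents.

```python
from pathlib import PurePosixPath

# Constructed sample data: documented rights structure vs. grants on the server.
REQUIRED = {
    "alice": {"/vol1/apps/editor": {"r"}, "/vol1/data/sales": {"r", "w"}},
    "bob": {"/vol1/data/sales": {"r"}},
}
GRANTED = {
    "alice": {"/vol1/apps": {"r", "w"}, "/vol1/data/sales": {"r", "w"}},
    "bob": {"/vol1": {"r"}},
}


def effective(grants, path):
    """Union of the grants on path and on every parent directory (inheritance)."""
    p = PurePosixPath(path)
    rights = set()
    for node in (p, *p.parents):
        rights |= grants.get(str(node), set())
    return rights


def audit(required, granted):
    """Return sorted (user, path, problem) tuples for grants beyond the documented need."""
    findings = []
    for user, grants in granted.items():
        needs = required.get(user, {})
        # 1. Access types held on a needed path that the documentation does not call for,
        #    e.g. write access to programme files inherited from a parent directory.
        for path, need in needs.items():
            excess = effective(grants, path) - need
            if excess:
                findings.append((user, path, "excess:" + "".join(sorted(excess))))
        # 2. Grants placed above (or outside) every documented need: inheritance
        #    extends them to directories the user has no documented task in.
        for path in grants:
            if path not in needs:
                findings.append((user, path, "undocumented-scope"))
    return sorted(findings)


if __name__ == "__main__":
    for user, path, problem in audit(REQUIRED, GRANTED):
        print(f"{user:6} {path:20} {problem}")
```

An empty result means every grant sits exactly on a documented path with exactly the documented access types; any volume-level grant shows up as `undocumented-scope`.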


IT-Baseline Protection Manual: October 2000
