IT Baseline Protection Manual - The Information Warfare Site

Non-Networked Systems and Clients IT-Security Management
_________________________________________________________________________________________
Infrastructure
- S 1.29 (3) Adequate siting of an IT system (optional)
Organisation
- S 2.3 (2) Data media control
- S 2.4 (2) Maintenance/repair regulations
- S 2.5 (2) Division of responsibilities and separation of functions
- S 2.7 (2) Granting of (system/network) access rights
- S 2.8 (2) Granting of access rights
- S 2.9 (2) Ban on the use of non-approved software
- S 2.10 (3) Survey of the software held
- S 2.13 (2) Correct disposal of resources requiring protection
- S 2.22 (3) Escrow of passwords
- S 2.23 (3) Issue of PC use guidelines (optional)
- S 2.24 (3) Introduction of a PC checklist booklet (optional)
- S 2.26 (1) Appointment of an administrator and his deputy
- S 2.37 (2) Clean desk policy
- S 2.63 (1) Establishing access rights
- S 2.64 (2) Checking the log files
- S 2.65 (1) Checking the efficiency of user separation on an IT System
- S 2.66 (2) The importance of certification for procurement
Personnel
- S 3.4 (1) Training before actual use of a program
- S 3.5 (1) Education on IT security measures
- S 3.10 (1) Selection of a trustworthy administrator and his substitute
- S 3.11 (1) Training of maintenance and administration staff
- S 3.18 (1) Log-out obligation for users
Hardware & Software
- S 4.3 (2) Periodic runs of a virus detection program
- S 4.4 (3) Locking of floppy-disk drive slots (optional)
- S 4.30 (2) Utilisation of the security functions offered in application programs (optional)
- S 4.41 (1) Use of a suitable PC security product
- S 4.42 (2) Implementation of security functions in the IT application (optional)
- S 4.44 (2) Checking of incoming data for macro viruses
- S 4.109 (2) Software reinstallation on workstations
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000