IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 6.6 Study of internally and externally available
alternatives
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Staff responsible for the individual IT
applications
In order to avoid capacity shortfalls during restricted IT operations, internally
and externally available alternatives must be explored.
When studying such alternatives, particular consideration must be given to the
technical specifications of the alternative IT system. The compatibility and
sufficient capacity (cf. S 6.4 Documentation on the capacity requirements of
IT applications) of the alternative IT system are the basic prerequisites for its
use.
The primary objective is the internal transfer of IT applications from one IT
system to another (e.g. recourse to the development computer in case of
failure of the production computer). External alternatives will have to be relied
on when it is no longer possible to meet the availability requirements in an
economically feasible way.
Alternatives for non IT-specific components should also be considered. In the
infrastructure domain, for instance, consideration is to be given to alternatives
regarding IT rooms.
Additional controls:
- Have internally and externally available alternatives been checked for their
effectiveness?
- Are the configuration, capacity and compatibility of internal and external
alternatives being adapted to the current status of procedures?
- Are the integrity and confidentiality of IT application and data moved to
external resources ensured in the case of recourse to external alternatives?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000