IT Baseline Protection Manual - The Information Warfare Site

Networked Systems IT-Security Management
_________________________________________________________________________________________
Infrastructure:
- S 1.29 (3) Adequate siting of an IT system (optional)
Organisation:
- S 2.3 (2) Data media control
- S 2.4 (2) Maintenance/repair regulations
- S 2.9 (3) Ban on using non-approved software
- S 2.10 (2) Survey of the software held
- S 2.13 (2) Correct disposal of resources requiring protection
- S 2.22 (2) Escrow of passwords
- S 2.23 (3) Issue of PC Use guidelines (optional)
- S 2.24 (3) Introduction of a PC Checklist booklet (optional)
Personnel:
- S 3.4 (1) Training before actual use of a program
- S 3.5 (1) Education on IT security measures
Hardware & Software:
- S 4.1 (1) Password protection for IT systems
- S 4.2 (1) Screen lock
- S 4.3 (2) Periodic runs of a virus detection program
- S 4.4 (2) Locking of floppy-disk drive slots (optional)
- S 4.30 (2) Utilisation of the security functions offered in application programs (optional)
- S 4.44 (2) Checking of incoming data for macro viruses
- S 4.84 (1) Use of BIOS security mechanisms
Contingency Planning:
- S 6.20 (2) Appropriate storage of backup data media
- S 6.21 (3) Backup copy of the software used
- S 6.22 (2) Sporadic checks of the restorability of backups
- S 6.23 (2) Procedure in case of computer virus infection
- S 6.24 (3) PC emergency floppy disk
- S 6.27 (3) Backup of the CMOS RAM (in the case of PCs)
- S 6.32 (1) Regular data backup
If an IT system is to be used by several persons, then administration of the computer and distinction
between users are absolutely necessary. In this case, the following safeguards and threats are to be
considered additionally for multi-user operation:
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000