IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
If data was deleted or modified in an unwanted manner, it can be restored
from the data backups (refer to S 6.51 Restoring a database).
If there are signs of a deliberate attack on the database, it is essential to act
immediately in order to minimise the damage and prevent further damage
from occurring. This requires that there is an alarm plan which lists the steps
to be implemented and specifies who should be informed of the incident (see
also S 6.60 Procedural rules and reporting channels for security incidents).
The alarm plan should also specify whether and how the Data Privacy Officer
and the legal department should be involved.
Additional controls:
- Are the users regularly advised of the requirement to inform the Database
Administrator at once in case of irregularities?
- Are these procedures actually followed?
- Do the Database Administrators have the required expertise?
- Has a procedure for the rapid assignment of passwords been established
and tested?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
Implement alarm plan