IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 6.59 Specification of responsibilities for dealing
with security incidents
Initiation responsibility: Agency/company Management, IT Security
Management
Implementation responsibility: IT Security Management
When specifying the responsibilities for handling security incidents, it is
worthwhile considering the sequence of events in a hypothetical security
incident. The tasks and responsibilities of the person groups involved must be
determined and an appropriate method of obligating and instructing them must
be devised. To give an idea how this might be done, examples are set out
below for some of the groups typically affected.
IT-users
Task:
As soon as IT-users become aware of a security-relevant irregularity, they
must observe the appropriate procedural rules and report the irregularity.
Responsibility:
IT users must decide what the appropriate reporting channel is in the
present case (see S 6.60 Investigation and assessment of a security
incident).
Duty / information:
Every IT user should have a duty under the in-house security guidelines to
report any security-relevant irregularities. Furthermore, all users should be
given written instructions informing them of the actions they should take
and to whom which incidents should be reported.
IT Administrator
Task:
The IT Administrator's task here is to receive reports regarding securityrelevant
irregularities relating to IT systems for which he is responsible. He
must then decide whether to take corrective action himself or whether he
should report the incident to the next higher escalation level.
Responsibility:
An administrator must be able to decide whether there is a security
problem, whether he can deal with it himself, whether he should consult
other persons immediately (in accordance with the escalation plan) and
whom he should inform.
Duty / information:
This should be specified in the job description and in the "Policy for
handling security incidents".
IT Security Officer / IT Security Management
Task:
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
Define tasks and
responsibilities