19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Communications

The IT Security Officer receives reports on security incidents. He investigates and assesses the incident. He selects appropriate measures and arranges for them to be implemented where this does not lie outside his area of responsibility. If necessary, he assembles a Security Incident Team or informs line management for the purpose of escalation.

Responsibility:

He is authorised to undertake an assessment of a security incident and to escalate an incident up the management chain. In addition he has been granted the financial and personnel resources (e.g. DM 100,000 and 2 man-months) which he may use to handle incidents independently.

Duty / information:

IT Security Management develops the "Policy for handling security incidents". Therefore all IT Security Officers should be informed of their tasks and responsibilities in the handling of security incidents.

IT Security Auditor

Task:

The IT Security Auditor can be assigned the task of checking the effectiveness of the management system for security incidents at regular intervals. He can also be required to participate in the evaluation of security incidents.

Responsibility:

In agreement with line management, predefined checks can be initiated and performed.

Duty / information:

This should be specified in the job description and in the "Policy for handling security incidents".

Public Relations / Press Office

Task:

Where a serious security incident has occurred, no information should be divulged to the public except through the Press Office. The aim here is not to gloss over or play down the incident, but to present it in an objective manner so as to avoid any loss of image as a consequence of conflicting information.

Responsibility:

The Press Office must prepare information regarding the security incident together with the technical experts and agree this with line management prior to distribution.

Duty / information:

This should be specified in the job description and in the "Policy for handling security incidents".


IT-Baseline Protection Manual: October 2000
