19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Communications Remarks


Agency/company management

Task:

In cases of serious security incidents, management should be informed and if necessary should be required to make decisions.

Responsibility:

In its capacity as having overall responsibility, it can delegate responsibility to the above-mentioned groups. In addition it can call in the police and criminal prosecution authorities where criminal activity is suspected.

Duty / information:

Management must approve the "Policy for handling security incidents" and the escalation plans which are based thereon. As part of this, line management is also informed of its role in the handling of security incidents.

Security Incident Team

In addition to the above groups, where a difficult or serious security incident has occurred it may be necessary to invoke a Security Incident Team for a limited period to handle the incident. This is normally initiated by the IT Security Officer, who may involve line management in advance.

Even if the Security Incident Team only meets for a specific security incident, to ensure as fast a response as possible to the security incident, its members must be appointed and fully briefed on their assigned tasks in advance. The members of the Security Incident Team should be authorised to perform their assigned tasks on their own authority. The procedures necessary for this must be specified in writing and authorised by management. In particular, the person who heads the team must be specified.

Depending on the type of security incident, the members of a Security Incident Team can include the following, for example:

- Agency/company management

- IT Security Management / IT Security Officer

- Head of IT section

- Press office

- Data privacy officer

- Legal adviser

- Staff council / works council

If necessary, additional parties/departments must be called in, e.g.

- the specialist departments concerned (head of department, IT Procedures Officer),

- IT Administrators,


IT-Baseline Protection Manual: October 2000

Appoint members and determine tasks
