IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
Damage category Damage /
loss =
medium
Violation of laws, regulations or
contracts
Impairment of the right to
informational self-determination
Impairment of the physical integrity
of a person
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
D1
Impaired performance of duties D2
Negative effects on external
relationships
Financial consequences D4
Damage /
loss = high
Damage /
loss = very
high
Damage cases D1 to D4 are assigned the following priorities on the basis of
the previous priority assignment:
Priority classification method: D1 = 2, D2 = 3, D3 = 1, D4 = 3
Priority rating method: D1 = 13, D2 = 15, D3 = 4, D4 = 18
In both cases it would be clear that damage limitation effort should initially be
concentrated on damage case D3 (negative effects on external relationships)
before any attempt is made to tackle the other types of damage. In the
example, to limit the negative effects on external relationships, the Internet
server which has been tampered with would be taken off the network as the
prelude to other measures. If the damage resulting from negative effects on
external relationships had been assigned a lower priority and greater
importance had been attached to impairment of the municipal authority's
ability to accomplish its work, disconnecting the Internet server might not be
viewed as a measure which should be implemented immediately.
Additional controls:
- Has the priority assignment been agreed with Management?
- Has the priority assignment been notified to all the decision makers in the
management system for the handling of security incidents?
- When was the priority assignment last updated?
D3