IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 6.65 Notification of the parties affected
Initiation responsibility: IT Security Management
Implementation responsibility: IT Security Management, Head of IT Section,
Administrator, Press Office
When a security incident has occurred, all the internal and external parties
affected by it must be informed. This is especially important for departments
or agencies which could sustain damage as a direct result of the security
incident and need to take countermeasures or for any parties which process
information about security incidents and can assist in preventing or resolving
them. If necessary, the public should also be informed, especially if
information has already leaked out.
A clear concept of who should inform whom, in what sequence and in how
much detail must be developed for the particular security incident concerned.
In this connection steps must be taken to ensure that information regarding the
security incident is only given out by appointed responsible persons, such as,
for example IT Security Management or the Press Office.
Who receives information and in how much detail naturally will depend
primarily on the technical background. No incorrect or embellished
information should be passed on, as this could lead to confusion, false
assessments and loss of image.
An example is presented below of which departments/agencies should
typically be informed of what information.
Internal departments
If it is still unclear as to whether a security incident has occurred or how
serious it is, the internal staff potentially affected should be asked to examine
their areas of work for possible irregularities.
If the countermeasures required to deal with a security incident are known, the
internal departments concerned should be informed promptly as to what they
must do in order to minimise the effects of a security incident or to restore
secure operations.
The parties who should be considered include the following:
- Head of IT Section
- heads of specialist departments concerned,
- IT users,
- IT Administrators,
- IT user service,
- site technical service
- surveillance staff,
- internal security staff and
- entrance control staff.
External parties
If the impact of the security incident is not confined simply to the
organisation, all external parties which are also affected or could also be
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
Who informs whom?
No glossing over!