IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection of Generic Components
_________________________________________________________________________________________
1.4 Brief Outline of Existing Modules
The overview which follows provides a brief outline of the modules which currently exist in the IT
Baseline Protection Manual. It gives a compact summary of the scope of the recommended safeguards
contained in the IT Baseline Protection Manual.
3.0 IT Security Management
This chapter presents a systematic approach to establishing functional IT security management and
adapting it over time in line with developments in business operations.
3.1 Organisation
This module lists the organisational procedures that are basically required for IT security. Examples
are the determination of responsibilities, data media administration and procedures regarding the use
of passwords. They apply to every IT system.
3.2 Personnel
The Personnel module describes staff-related safeguards to be observed for the achievement of IT
security. Examples are arrangements during staff absences, training activities, and controlled
procedures in the case of termination of employment. They apply regardless of the type of IT system
employed.
3.3 Contingency Planning Concept
This module presents a procedure for drawing up a contingency planning concept and is especially
important for larger IT systems.
3.4 Data Backup Policy
This module shows how a sound data backup policy can be systematically developed. It is especially
intended for larger IT systems or IT systems on which a large amount of data is stored.
3.5 Data Privacy Protection
This module presents the basic conditions for realistic data privacy and shows the interrelationship of
IT security and IT baseline protection. It was developed under the lead of the Federal Data Privacy
Officer (BfD) in co-operation with the data privacy officers of the German state and the individual
German Länder, and can be obtained from the BfD.
3.6 Computer Virus Protection Concept
The aim of the computer virus protection concept is to create a suitable package of safeguards which
will enable penetration of an organisation's IT systems by computer viruses to be prevented or
detected as early as possible so that countermeasures can be taken and possible damage can be
minimised.
3.7 Crypto Concept
This module describes a procedure whereby in a heterogeneous environment both the data stored
locally and the data to be transmitted can be protected effectively through cryptographic procedures
and techniques.
3.8 Handling of Security Incidents
To maintain IT security in ongoing operations, it is necessary to have developed and practised a policy
for the handling of security incidents. A security incident is an event whose impact could cause
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000