IT Baseline Protection Manual - The Information Warfare Site

Telecommunications LAN connection of an IT system via ISDN
_________________________________________________________________________________________
Force Majeure
- T 1.2 Failure of the IT system
- T 1.10 Failure of a wide area network
Organisational Shortcomings:
- T 2.1 Lack of, or insufficient, rules
- T 2.6 Unauthorised admission to rooms requiring protection
- T 2.7 Unauthorised use of rights
- T 2.9 Poor adjustment to changes in the use of IT
- T 2.19 Inadequate key management for encryption
- T 2.22 Lack of evaluation of auditing data
- T 2.24 Loss of confidentiality of sensitive data of the network to be protected
- T 2.32 Inadequate line bandwidth
- T 2.37 Uncontrolled usage of communications lines
Human Error:
- T 3.1 Loss of data confidentiality/integrity as a result of IT user error
- T 3.6 Hazards posed by cleaning staff or outside staff
- T 3.8 Improper use of the IT system
- T 3.9 Improper IT system administration
- T 3.13 Transfer of incorrect or undesired data records
- T 3.16 Incorrect administration of site and data access rights
Technical Failure:
- T 4.8 Discovery of software vulnerabilities
- T 4.25 Still active connections
Deliberate Acts:
- T 5.2 Manipulation of data or software
- T 5.7 Line tapping
- T 5.8 Manipulation of lines
- T 5.9 Unauthorised use of IT systems
- T 5.10 Abuse of remote maintenance ports
- T 5.14 Call charges fraud
- T 5.16 Threat posed by internal staff during maintenance/administration work
- T 5.17 Threat posed by external staff during maintenance work
- T 5.18 Systematic trying-out of passwords
- T 5.25 Masquerading
- T 5.26 Analysis of the message flow
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000