IT Baseline Protection Manual - The Information Warfare Site

Other IT Components Telecommuting
_________________________________________________________________________________________
Threat Scenario
The following threats are assumed to be applicable to the IT baseline protection of databases:
Force Majeure
- T 1.1 Loss of personnel
Organisational shortcomings:
- T 2.3 A lack of compatible, or unsuitable, resources
- T 2.22 Lack of evaluation of auditing data
- T 2.26 Lack of, or inadequate, test and release procedures
- T 2.38 Lack of, or inadequate, implementation of database security mechanisms
- T 2.39 Complexity of a DBMS
- T 2.40 Complexity of database access
- T 2.41 Poor organisation of the exchange of database users
- T 2.57 Inadequate storage of media in the event of an emergency
Human Failure:
- T 3.6 Hazards posed by cleaning staff or outside staff
- T 3.16 Incorrect administration of site and data access rights
- T 3.23 Improper administration of a DBMS
- T 3.24 Inadvertent manipulation of data
Technical Failure:
- T 4.26 Failure of a database
- T 4.27 Circumvention of access control via ODBC
- T 4.28 Loss of data in a database
- T 4.29 Loss of data in a database caused by a lack of storage space
- T 4.30 Loss of database integrity/consistency
Deliberate Acts:
- T 5.9 Unauthorised use of IT systems
- T 5.10 Abuse of remote maintenance ports
- T 5.18 Systematic trying-out of passwords
- T 5.64 Manipulation of data or software in database systems
- T 5.65 Denial of services in a database system
Recommended Countermeasures (S)
For the purpose of IT baseline protection, we recommend the complete implementation of the
safeguard packages (modules) summarised in Chapters 2.1 and 2.4.
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000