IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 2 Threats Catalogue Organisational
Shortcomings
T 2.1 Lack of, or insufficient, rules
T 2.2 Insufficient knowledge of requirements documents
T 2.3 A lack of compatible, or unsuitable, resources
T 2.4 Insufficient monitoring of IT security measures
T 2.5 Lack of, or inadequate, maintenance
T 2.6 Unauthorised admission to rooms requiring protection
T 2.7 Unauthorised use of rights
T 2.8 Uncontrolled use of resources
T 2.9 Poor adjustment to changes in the use of IT
T 2.10 Data media are not available when required
T 2.11 Insufficient bandwidth planning
T 2.12 Insufficient documentation on cabling
T 2.13 Inadequately protected distributors
T 2.14 Impairment of IT usage on account of adverse working
conditions
T 2.15 Loss of confidentiality of sensitive data in the UNIX
system
T 2.16 Non-regulated change of users in the case of laptop PCs
T 2.17 Inadequate labelling of data media
T 2.18 Improper delivery of data media
T 2.19 Inadequate key management for encryption
T 2.20 Inadequate supply of printing consumables for fax
machines
T 2.21 Inadequate organisation of the exchange of users
T 2.22 Lack of evaluation of auditing data
T 2.23 Security flaws involved in integrating DOS PCs into a
server-based network
T 2.24 Loss of confidentiality of sensitive data of the network
to be protected
T 2.25 Reduction of transmission or execution speed caused by
Peer-to-Peer functions
T 2.26 Lack of, or inadequate, test and release procedures
T 2.27 Lack of, or inadequate, documentation
T 2.28 Violation of copyright
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000