IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 3.3 Non-compliance with IT security measures
Due to negligence and insufficient checks, persons frequently fail to perform,
in part or full, recommended or prescribed IT security measures. Damage may
be caused which otherwise could have been prevented, or at least minimised.
Depending upon the position of the given person and on the importance of the
disregarded measure, severe damage could occur here.
IT security measures are frequently disregarded due to the lack of security
awareness. A typical sign is the disregarding of recurrent error messages after
a certain habituation period.
Examples:
- The keeping of floppy disks in a locked desk does not afford sufficient
protection against unauthorised access if the key is kept in the office e.g.
on top of a cupboard or inside a card box.
- Passwords which need to be kept secret are kept on a piece of paper near a
terminal or a PC.
- Although the purpose of data backups to minimise potential damage is
widely known, losses of data do occasionally occur when unexpected
deletion of data takes place and recovery is not possible due to lack of
backups. This is particularly illustrated by the damage reported to BSI,
resulting from computer viruses, for instance.
- Access to a computer centre should take place exclusively through a door
secured by an entry control system (e.g. magnetic strip reader). However,
the emergency exit door can be used as an additional entrance and exit
although it may only be opened in an emergency..
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000