IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 3.16 Incorrect administration of site and data
access rights
Access rights to an IT system, to stored data and to IT applications should
only be granted to the extent required to carry out the necessary tasks. If these
rights are administered incorrectly, it can result in a disruption of the
operation. if the necessary access rights were not granted or to security leaks if
more rights were granted than required.
Example:
As a result of incorrect administration of access rights, a clerk is able to gain
access to auditing data. By deleting specific entries, he is able to cover up his
attempts to manipulate the computer because they will not appear in the log
file any longer.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000