IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection of Generic Components
_________________________________________________________________________________________
Loss of availability
Would the failure of the IT application restrict information services provided to external parties?
Would (temporary) failure of the IT application be noticed by outsiders?
Damage scenario "Financial consequences"
Direct or indirect financial damage can result from the loss of confidentiality of sensitive data, from
alteration of data, or from the failure of an IT application. Examples include:
- unauthorised release of R&D results
- manipulation of financially-relevant data in an accounting system
- failure of an IT-controlled production system, resulting in a drop in sales
- obtaining knowledge of marketing strategy papers or of turnover figures
- failure of a booking system of a travel agency
- failure of an e-commerce server
- breakdown of a bank's payment transactions
- theft or destruction of hardware
The extent of the total damage caused is determined by the direct and indirect costs, e.g. damage to
property, compensation, additional expenses (e.g. data recovery).
Questions:
Loss of confidentiality
Could the publication of confidential information result in claims for compensation?
Does the IT application contain any data which, if known to a third party (e.g. a competitor), could
give it any financial advantage?
Is any research data of significant value stored using the IT application? What would happen if such
data were copied and passed on without permission?
Could any damage be caused by premature publication of sensitive data?
Loss of integrity
Could any data relevant to accounting be altered by data manipulation in such a way as to cause
financial loss?
Could the publication of incorrect information result in any claims to compensation?
Could any financial loss result from corrupted ordering data (e.g. just-in-time production)?
Could corrupted data lead to wrong business decisions?
Loss of availability
Would failure of the IT application impair production, inventory management or distribution?
Would failure of the IT application result in financial loss due to delayed payments or loss of interest?
How much would it cost to repair or restore the IT system if it were to fail, develop a fault, be
destroyed or stolen?
Could failure of the IT application result in deficient solvency or in contractual penalties?
How many important customers would be affected by a failure of the IT application?
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000