19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


IT Baseline Protection of Generic Components

R E.03 Server room Bonn building S6, N6, N7 Moderate

R 2.01 - R 2.40 Offices Bonn building C4, some with fax machines

Moderate

High High

Moderate

Moderate

IT-Baseline Protection Manual: October 2000

Interpreting the results of the protection requirement assessment

The results obtained from the protection requirements assessment serve as the starting point from which to proceed towards drawing up the IT security concept. The assumptions regarding protection requirements categories which are used to deduce the level of protection afforded by the standard security safeguards recommended in this manual are as follows:

Protective effect of standard security safeguards aimed at achieving IT baseline protection

Protection requirement category "Basic to moderate": Standard security safeguards aimed at IT baseline protection are generally adequate and reasonable.

Protection requirement category "High": Standard security safeguards aimed at IT baseline protection afford a basic level of protection but may not be sufficient on their own. Additional safeguards can be ascertained by performing a supplementary security analysis.

Protection requirement category "Very high": Standard security safeguards aimed at IT baseline protection afford a basic level of protection but generally are not sufficient on their own. The necessary additional security safeguards must be ascertained on a case-by-case basis on the basis of a supplementary security analysis.

If the protection requirement for an IT system is defined as "moderate", then it is sufficient to implement the standard safeguards aimed at IT baseline protection across the board. For IT systems, network connections and rooms where IT assets are used which have a "high", and especially a "very high", protection requirement, a supplementary security analysis should be planned. Again, the high protection requirement of these components should be borne in mind during the target versus actual comparison when working through safeguards identified in the manual as being "optional". Thus, for example, safeguard S 1.10 Use of Safety Doors may not be necessary in a server room which has a moderate protection requirement, yet where a high level of confidentiality is required it could be absolutely essential.
