IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.31 Documentation on authorised users and on rights
profiles
S 2.32 Establishment of a restricted user environment
S 2.33 Division of Administrator roles under UNIX
S 2.34 Documentation of changes made to an existing IT
system
S 2.35 Obtaining information on security weaknesses of the
system
S 2.36 Orderly issue and retrieval of a portable (laptop) PC
S 2.37 Clean desk policy
S 2.38 Division of administrator roles in PC networks
S 2.39 Response to violations of security policies
S 2.40 Timely involvement of the staff/factory council
S 2.41 Employees' commitment to data backup
S 2.42 Determination of potential communications partners
S 2.43 Adequate labelling of data media for dispatch
S 2.44 Secure packaging of data media
S 2.45 Controlling the exchange of data media
S 2.46 Appropriate key management
S 2.47 Designating a person in charge of the fax system
S 2.48 Designating authorised fax operators
S 2.49 Procurement of suitable fax machines
S 2.50 Appropriate disposal of consumable fax accessories and
spare parts
S 2.51 Producing copies of incoming fax messages
S 2.52 Supply and monitoring of consumable fax accessories
S 2.53 Deactivation of fax machines after office hours
S 2.54 Procurement/selection of suitable answering machines
S 2.55 Use of a security code
S 2.56 Avoidance of confidential information on answering
machines
S 2.57 Regular playback and deletion of recorded messages
S 2.58 Limitation of message time
S 2.59 Procurement of a suitable modem
S 2.60 Secure administration of a modem
S 2.61 Requirements document for modem usage
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000