IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.1 Specification of responsibilities and of
requirements for the use of IT
Initiation responsibility: Agency/company management
Implementation responsibility: Head of IT Section, Head of organisation
For the functional areas of "IT use" and "IT security", responsibilities as well
as authorities must be specified.
For "IT use", the responsibility for substantive tasks and operational
responsibility must be laid down. The person responsible for substantive tasks
has to develop the specific requirements to be implemented in an IT
procedure. On the other hand, operational responsibility covers the following
tasks, inter alia:
- data acquisition
- work scheduling and preparation;
- data processing
- post-processing of data output;
- data media management and
- monitoring of procedural execution.
Overall regulations governing "IT security", as an aspect of IT use, must be
laid down in a binding form. It is advisable to lay down regulations on:
- data backup
- keeping data archives,
- transport of data media
- data transmission
- destruction of data media
- documentation on IT procedures, software, IT configuration;
- use of passwords;
- entry rights
- access rights
- resources control
- resource management
- purchase and leasing of hardware and software;
- maintenance and repair work;
- software: acceptance and approval;
- software: application development;
- data privacy,
- protection against computer viruses;
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000