IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.2 Resource management
Initiation responsibility: Agency/company management
Implementation responsibility: Head of IT Section, Head of organisation
Resources (or non-monetary resources) for IT uses are all necessary articles
such as hardware components (computer, keyboard, printer, etc.), software
(system software, individual programs, standard programs, and the like),
consumables (paper, toner, printer cartridges), data media (magnetic tapes,
floppy disks, streamer tapes, hard disks, removable hard disks, CD ROMs, and
the like).
Resource management comprises the following tasks:
- procurement of resources,
- pre-use testing;
- marking and
- inventorising,
Procurement of resources is of particular importance in the use of
information technology systems. A well-regulated procurement procedure
will, in particular, support the objectives to be achieved with the use of
information technology: improved performance, economic efficiency,
improvement of communication possibilities.
Apart from mere economy aspects, a regulated procurement procedure - which
can also be handled centrally - can also provide for greater account being
taken of new developments and of improvements in the area of information
technology.
Moreover, central procurement will ensure the introduction and observance of
an "in-house standard", which simplifies the training of the staff and
maintenance activities.
With a regulated test procedure before the use of resources, various threats
can be averted. Examples are:
- verifying the completeness of deliveries (e.g. manuals) in order to ensure
the availability of all components to be delivered;
- testing of new PC software and of new pre-formatted data media by means
of a computer virus detection program;
- test runs of new software on specific test systems;
- verification of the compatibility of new hardware and software components
with existing components.
It is only by means of an inventory of the resources used that consumption
requirements can be determined, and replenishment orders be placed.
Moreover, inventorising makes it possible to carry out checks for
completeness, to check the use of non-approved software or to detect
purloining of resources. This calls for clear marking of the most important
resources with distinct identification features (e.g. grouped serial inventory
numbers). In addition, the serial numbers of existing devices such as monitors,
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000