IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Safeguard Catalogue - Organisation Remarks<br />

____________________________________________________________________ .........................................<br />

obligations and responsibilities of the external maintenance personnel must<br />

also be carefully specified.<br />

<strong>The</strong> execution of external maintenance work must be logged; which <strong>IT</strong><br />

systems or components have been sent away for repair, when and to whom,<br />

who was responsible, when the repair should be finished and when the<br />

machine was brought back. For reference, registration of the <strong>IT</strong> systems or<br />

components is necessary. On the one hand, this makes it clear to which<br />

organisation these systems belong, and on the other hand it allows<br />

straightforward classification within the organisation.<br />

It must be ensured that damages or theft are prevented during transit of the <strong>IT</strong><br />

components which are to be repaired. If sensitive data is still to be found on<br />

the <strong>IT</strong> systems, they must be transported with the appropriate protection, e.g.<br />

via locked containers or couriers. Moreover, proof of dispatch (accompanying<br />

documents, dispatch note) and arrival (confirmation of receipt) must be<br />

carried out and logged.<br />

In the case of <strong>IT</strong> systems protected with passwords and depending on the<br />

scope of repair work and type of password security, all or some of the<br />

passwords must be made known, or settings must be established such as<br />

"REPAIR", so that the maintenance technicians can access the machines.<br />

Once the <strong>IT</strong> systems or components have been handed back, their<br />

completeness must be checked. All passwords must be changed. PC datamedia<br />

must be checked for computer viruses with an up-to-date anti-virus<br />

program. All files contained in the repaired machine must be checked as<br />

regards their integrity.<br />

Remote maintenance<br />

Regulations for remote maintenance are contained in S 5.33 Secure remote<br />

maintenance via modem.<br />

Additional controls:<br />

- Are the staff encouraged to ensure supervision?<br />

- Are records kept to account for the maintenance work carried out?<br />

- Has a timetable been laid down for maintenance work?<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!