IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation

S 2.7 Granting of (system/network) access privileges

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Head of IT Section

This type of access authorisation allows the person concerned to use IT systems, system components and networks. This must be laid down in detail for every person authorised to use such facilities on the basis of his/her function and with due regard to the separation of functions (cf. S 2.5 Division of responsibilities and separation of functions). Access to a computer must be defined depending on the function, e.g. access to the operating system (system administrator), or access to an IT application (application user). Moreover, it must be ensured that staffing and task-related changes are promptly taken into account.

Where feasible in IT terms, access should only be possible after the identification (e.g. name, user ID or smart card) and the authentication (e.g. password) of the authorised person, and should be logged.

The issue and retrieval of access-granting means such as user IDs or smart cards must be documented. Also, provisions must be laid down as regards the handling of access-granting and authentication means (e.g. use of smart cards, handling of passwords, cf. S 2.11 Provisions governing the use of passwords).

Access authorisation should be temporarily blocked in case of long-term absence of the authorised person in order to prevent abuse.

It is necessary to make sporadic checks for compliance with the aforementioned requirements.

Additional controls:

- Are the issue and the retrieval of access authorisations and access-granting means documented?
- Is separation of functions being observed in the granting of access rights?
- Are users being trained in the correct handling of access-granting means?
- If use of access-granting means is logged, are such logs also analysed?
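The sporadic compliance checks called for above can be partly automated by reconciling the documented authorisation register against the accounts that actually exist. The following is an added example, not code from the manual: it runs over constructed register, account and absence data and reports enabled accounts with no documented grant, retrieved grants whose account is still enabled, one person holding functions that should be separated (the conflicting pair is an assumption, since S 2.5 is not reproduced here), and enabled accounts of persons on long-term absence.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class Grant:
    user_id: str
    function: str                     # e.g. operating-system vs. application access
    issued: date
    retrieved: Optional[date] = None  # date the user ID / smart card was taken back

@dataclass(frozen=True)
class Account:
    user_id: str
    enabled: bool

# Assumed illustrative pair that one person must not hold at once (cf. S 2.5).
CONFLICTING_FUNCTIONS = {frozenset({"system administrator", "auditor"})}

def audit(grants, accounts, absences, today, long_term=timedelta(days=42)):
    """Return sorted (user_id, finding) pairs for the S 2.7 requirements."""
    findings = set()
    ever = {g.user_id for g in grants}
    current = {}  # user_id -> functions whose grant has not been retrieved
    for g in grants:
        if g.retrieved is None:
            current.setdefault(g.user_id, set()).add(g.function)
    for a in accounts:
        if not a.enabled:
            continue
        if a.user_id not in ever:  # access without any documented grant
            findings.add((a.user_id, "enabled account without documented authorisation"))
        elif a.user_id not in current:  # staffing change not promptly reflected
            findings.add((a.user_id, "all authorisations retrieved but account still enabled"))
        for pair in combinations(sorted(current.get(a.user_id, ())), 2):
            if frozenset(pair) in CONFLICTING_FUNCTIONS:
                findings.add((a.user_id, f"conflicting functions: {pair[0]} + {pair[1]}"))
        start, end = absences.get(a.user_id, (None, None))
        if start and start <= today <= end and end - start >= long_term:
            findings.add((a.user_id, "long-term absence but account not blocked"))
    return sorted(findings)

# Constructed sample data, not taken from the manual.
GRANTS = [Grant("alice", "system administrator", date(2000, 3, 1)),
          Grant("alice", "auditor", date(2000, 5, 1)),
          Grant("bob", "application user", date(2000, 1, 15), retrieved=date(2000, 9, 30)),
          Grant("carol", "application user", date(2000, 2, 1))]
ACCOUNTS = [Account(u, True) for u in ("alice", "bob", "carol", "dave")]
ABSENCES = {"carol": (date(2000, 9, 1), date(2000, 12, 31))}
TODAY = date(2000, 10, 16)
```

Each finding maps to one of the additional controls above, so the output can be filed directly as the record of a check.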


IT Baseline Protection Manual: October 2000
