19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation

S 2.9 Ban on using non-approved software

Initiation responsibility: Agency/company management; Head of IT Section; IT Security Management

Implementation responsibility: Head of IT section

Provisions must be laid down on how software may be accepted, approved, installed and used (cf. S 2.62 Software acceptance and approval procedure and Chapter 9.1 Standard Software). Installation or use of non-approved software must be prohibited and, as far as possible, prevented by technical means. Under Windows 95, for example, this can be achieved by restricting the user environment (see S 2.104 System guidelines for restricting usage of Windows 95). The aim is to prevent the introduction of programs with undesirable effects and to prevent uncontrolled use of the system beyond the defined range of functions. Where necessary, the ban can also be extended to the use of private hardware and private data (floppy disks, removable hard disks, PC, laptop).

Prior approval should be required before any exemption is granted.

Additional controls:

- Has a procedure for the authorisation and registration of software been laid down?
- Has the ban on use of non-approved software been laid down in writing?
- Have all staff members been informed of the ban on use?
- Are reminders of the ban on use given periodically?
- What possibilities exist for installing or using unauthorised software?
- What possibilities exist for autonomous development of software on individual computers?
- Do regulations exist concerning the programming and passing on of macros of standard products, e.g. word processors, spreadsheets and databases?
- Have any lists been established which show the approved versions of executable files and, in particular, indicate the creation date and the size of the file?
- Are periodic checks being made of whether approved versions of executable files have been altered?
- Is it possible to technically prevent software from being installed?
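The approved-file list and the periodic check from the last controls can be automated; the following is an added example, not part of the manual. It assumes the modification time stands in for the creation date (which is not portably available) and adds a SHA-256 digest beyond the fields the manual names, because a file can change while its size and date stay the same. All file names and contents are constructed sample data.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def describe(path):
    """Attributes recorded per executable: size, modification time, SHA-256."""
    st = path.stat()
    return {"size": st.st_size, "mtime": int(st.st_mtime),
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest()}

def build_approved_list(directory):
    """Snapshot an approved installation: file name -> attributes."""
    return {p.name: describe(p) for p in sorted(Path(directory).iterdir()) if p.is_file()}

def check(directory, approved):
    """Compare a directory with the approved list; return sorted findings."""
    current = build_approved_list(directory)
    findings = [(name, "not approved") for name in current if name not in approved]
    for name, entry in approved.items():
        if name not in current:
            findings.append((name, "missing"))
            continue
        changed = [k for k in ("size", "mtime", "sha256") if current[name][k] != entry[k]]
        if changed:
            findings.append((name, "altered: " + ",".join(changed)))
    return sorted(findings)

def demo():
    """Constructed sample data: approve two files, change the set, re-check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "editor.exe").write_bytes(b"MZ-editor-1.0")
        (root / "calc.exe").write_bytes(b"MZ-calc-2.3")
        approved = build_approved_list(root)
        # Same size and same timestamp, different content: only the hash differs.
        st = (root / "calc.exe").stat()
        (root / "calc.exe").write_bytes(b"MZ-calc-2.X")
        os.utime(root / "calc.exe", ns=(st.st_atime_ns, st.st_mtime_ns))
        (root / "game.exe").write_bytes(b"MZ-game")   # never approved
        (root / "editor.exe").unlink()                # approved file removed
        return check(root, approved)

if __name__ == "__main__":
    for name, finding in demo():
        print(f"{name}: {finding}")
```

The approved list itself should be stored where ordinary users cannot modify it, otherwise the check only confirms whatever the list currently says.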

IT-Baseline Protection Manual: October 2000
