19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation

S 2.17 Entry regulations and controls

Initiation responsibility: Head of Organisational Section; Head of Site/Bldg Technical Service

Implementation responsibility: Head of Site/Bldg Technical Service; staff members

Entry into parts of buildings and to rooms requiring protection is to be regulated and controlled (see S 2.6 Granting of site access authorisations). The pertinent measures range from the simple issue of keys to intricate identification systems including one-by-one checks of persons; in this respect, use of a physical key with lock also constitutes a form of entry control. Entry regulation and control require the following:

- The area subject to such regulations must be clearly defined.
- The number of persons with right of access is to be confined to a minimum. These persons should be mutually aware of their permissions in order to be able to recognise unauthorised persons as such.
- Any other persons (visitors) may be allowed to enter only after the need to do so has been previously verified.
- The permissions granted must be documented.

The mere allocation of permissions will not suffice if their observance, or infringement, is not monitored. The detailed design of control mechanisms should be based on the principle that simple and practicable solutions are often just as effective as intricate technology. Examples here are:

- Informing, and raising the awareness of, the authorised persons.
- Full information must be provided on any changes to the permissions granted.
- Visible carrying of premises passes; possibly issue of visitor's passes.
- Escorting of visitors.
- Procedural patterns when any infringement of rights has been detected.
- Unhindered entry for unauthorised persons must be prevented, or at least rendered difficult (e.g. door with a dummy knob; lock for authorised persons provided with a key; bell for visitors).

In addition, the installation of various types of badge readers, of walk-through detectors and of one-by-one checking facilities may be expedient. For key management, cf. S 2.14 Key Management.

IT-Baseline Protection Manual: October 2000
