IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.23 Issue of PC Use Guidelines
Initiation responsibility: Agency/company management; IT Security
Management; Head of IT Section
Implementation responsibility: Head of IT Section; IT users
In order to promote the secure and proper use of personal computers in largersize
companies/agencies, PC Use Guidelines should be prepared which lay
down mandatory provisions on what general requirements must be met and
which IT security measures will have to be taken. As a minimum, such PC
Use Guidelines are to regulate the use of non-networked PCs; if PCs are
operated within a network or are used as intelligent terminals, these aspects
will have to be covered by the Guidelines. The following is to give a broad
outline of the items which might expediently be included in such PC Use
Guidelines.
The contents of PC Use Guidelines may be structured as follows:
- Objectives and definitions
This introductory part of the PC Use Guidelines serves to raise the IT
security awareness and motivation of PC users. At the same time, the
concepts required for shared understanding are defined, such as PC, users,
objects requiring protection.
- Scope of application
In this part, the units of the company/agency to which the PC Use
Guidelines are to apply must be laid down in a binding form.
- Legislation and in-house regulations
Here, information is given on the legal provisions to be complied with, e.g.
the Federal Data Protection Act and the Copyright Act. In addition, all
relevant in-house regulations can be listed in this section.
- Distribution of responsibilities
This section defines what function will be associated with what
responsibility in the context of PC use. In particular, a distinction will have
to be made between the functions of user, superior, auditing officer,
departmental data privacy officer, and IT Security Management.
- IT security measures to be implemented and observed
In the final section of the PC Use Guidelines, those IT security measures
which are to be observed and implemented by the IT user must be laid
down. Depending on the required level of protection the measures can
exceed the IT base protection.
If telecommuters are employed by an enterprise or agency, the PC usage
guidelines should be extended by rules pertaining to telecommuting
workstations. Also refer to Chapter 9.3.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000