IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

Safeguard Catalogue - Organisation Remarks<br />

____________________________________________________________________ .........................................<br />

S 2.26 Appointment of an Administrator and his<br />

Deputy<br />

Initiation responsibility: Head of <strong>IT</strong> Section, <strong>IT</strong> Security Management,<br />

PBX officer<br />

Implementation responsibility: -<br />

To ensure the orderly operation of <strong>IT</strong> systems, Administrators must be<br />

appointed for all <strong>IT</strong> systems and networks. In addition to general<br />

administration work, Administrators are responsible, in particular, for user<br />

administration, including the administration of access rights. <strong>The</strong>y are also<br />

responsible for the security aspects of all the <strong>IT</strong> systems they look after.<br />

In larger organisations with a number of different <strong>IT</strong> systems and<br />

subnetworks, it is also necessary to ensure that the work is divided between<br />

the different Administrators in such a way that there are no problems<br />

regarding who is responsible for what, i.e. so that no two Administrators have<br />

overlapping responsibilities and all the tasks which need to be performed are<br />

assigned. In addition, communication between the different Administrators<br />

should function as smoothly as possible. It can be helpful to hold regular<br />

meetings of Administrators at which typical problems and solutions to<br />

problems encountered in everyday operations are discussed.<br />

When use is made of logging, steps should be taken to ensure separation of the<br />

roles of administration and auditing. <strong>The</strong> extent to which this objective is<br />

supported by the <strong>IT</strong> systems must be checked in this context.<br />

To ensure continuity of service when an Administrator is absent, a deputy<br />

must be appointed. Care must be taken here to ensure that the deputy is given<br />

his own Administrator ID (see also S 2.38 Division of Administrator Roles).<br />

Under no circumstances should the password simply be handed over to the<br />

stand-in because that is less trouble.<br />

In order that such deputies can take over these functions, it is necessary to<br />

ensure that every Administrator and his deputy have sufficient time to carry<br />

out their tasks with due care. Training and further education of Administrators<br />

are also required in this regard.<br />

Additional controls:<br />

- Have all Administrators and their deputies been adequately trained?<br />

- If responsibilities for administrative tasks have been changed, have the<br />

necessary training measures been initiated?<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!