IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Safeguard Catalogue - Organisation Remarks<br />

____________________________________________________________________ .........................................<br />

S 2.34 Documentation of changes made to an<br />

existing <strong>IT</strong> system<br />

Initiation responsibility: Head of <strong>IT</strong> Section, <strong>IT</strong> Security Management<br />

Implementation responsibility: Administrators<br />

In order to ensure smooth operation, the Administrator must have, or be able<br />

to obtain, an overview of the system. In the event of an unforeseen absence of<br />

the Administrator, such an overview must also be available to his deputy. It is<br />

also essential to have an overview when making checks of the system (e.g. for<br />

problematic settings, consistency in changes).<br />

<strong>The</strong>refore, the changes made by Administrators to a system should be<br />

documented. If possible this should be automated. This applies, in particular,<br />

to changes made to system directories and files.<br />

When installing new operating systems or in case of updates, the changes<br />

made should be documented especially carefully. Activation of new, or<br />

modification of existing, system parameters may also fundamentally change<br />

the behaviour of the <strong>IT</strong> system (especially security functions).<br />

Under UNIX, executable files to which users other than the owner also have<br />

access, or whose owner is root, must be approved and documented by the<br />

System Administrator (cf. also S 2.9 Ban on the use of non-approved<br />

software). In particular, lists of the approved versions of these files, which in<br />

addition must as a minimum contain the creation date, the size of each file and<br />

information on any s bit settings, must be kept. <strong>The</strong>y are the prerequisite for<br />

regular security checks and for investigations following a loss of integrity.<br />

Additional controls:<br />

- Are log books kept of system changes?<br />

- Are the records up-to-date and complete?<br />

- Can the administration functions be continued on the basis of those<br />

records?<br />

- Have the records been protected against unauthorised access?<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000<br />

Overview of the system<br />

New operating systems<br />

or updates<br />

Approval and<br />

documentation of<br />

executable files

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!