IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection of Generic Components
_________________________________________________________________________________________
2.4 Basic Security Check
Organisation
In the discussion below it is assumed that for a given set of IT
assets a summary was prepared of the existing assets, their
Personnel
installation locations and the IT applications supported, based
on the IT structure analysis of the IT assets. Building on this, Firewall Server Rome
the protection requirements were then assessed, resulting in
an overview of the protection requirements of the IT
Modem
UNIX system
applications, the IT systems, the rooms in which IT assets are
used and the communication links. This information was then
used to perform IT baseline protection modelling of the IT
assets, in the course of which the IT assets under consideration were mapped to modules in the
manual.
This IT baseline protection module is now used as a test plan to establish, using a target versus actual
comparison, which standard security safeguards have been adequately implemented and which have
not been satisfactorily implemented.
This section describes how to perform the basic security check in the context of the central task of
drawing up an IT security concept which affords IT baseline protection. This basic security check
consists of three different steps. The first step entails making the organisational preparations and in
particular selecting the relevant contact persons for the target versus actual comparison. In step 2 the
target versus actual comparison is performed using interviews and sampling checks. In the final step,
the results of the target versus actual comparison are documented, together with the reasoning behind
it.
These three stages of the basic security check are described in detail below.
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000