19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation

S 2.63 Establishing Access Rights

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Person-in-charge of the various IT applications, Administrator

If a system is operated by several users, the access rights must be administered in such a way that the users can only operate the IT system in accordance with their tasks.

This assumes that the access authorisations for the various functions have been stipulated by the persons-in-charge (cf. S 2.7 Granting of (system/network) access rights and S 2.8 Granting of (application/data) access permissions). The users of the IT system are then allocated to the various functions. The results should be recorded in writing.

The Administrator must then configure the IT system in such a way that these users receive access to the IT system and are only able to conduct their tasks with the access authorisation allocated to them. If the IT system offers no possibility of assigning access rights (e.g. a DOS-PC with multiple users), a supplementary product will have to be used (cf. S 4.41 Use of a suitable PC security product).

If the IT system permits, the report functions should be activated by the Administrator for the purpose of providing evidence. The events reported may be successful and unsuccessful log-on / log-off processes, system errors and attempts to access the system without authorisation.

In the event of substitution, the Administrator must check that his substitute is authorised by the superior. Only then may he establish the access authorisations in the case of substitution.

Additional controls:<br />

- Are the site authorisations assigned by the administrator randomly checked?

- Does documentation exist which shows the authorisation structure in the IT system?
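The random check named in the additional controls can be run as a comparison between the written allocation (functions to authorisations, users to functions) and the rights actually configured on the IT system. The following Python code is an added example, not part of the manual; all function names, rights and accounts in it are constructed sample data.

```python
import random

# Constructed sample data (not from the manual): the written record of which
# authorisations each function carries and which users are allocated to it.
FUNCTION_RIGHTS = {
    "accounting": {"ledger:read", "ledger:write"},
    "auditing": {"ledger:read", "logs:read"},
}
USER_FUNCTIONS = {
    "alice": {"accounting"},
    "bob": {"auditing"},
    "carol": {"accounting", "auditing"},
}
# Rights actually configured on the IT system (assumed to be an export
# produced by the Administrator).
CONFIGURED_RIGHTS = {
    "alice": {"ledger:read", "ledger:write", "logs:read"},  # one right too many
    "bob": {"ledger:read"},                                  # one right missing
    "carol": {"ledger:read", "ledger:write", "logs:read"},   # matches the record
    "dave": {"ledger:read"},                                 # not in the record
}

def expected_rights(user):
    """Union of the authorisations of every function the user is allocated to."""
    rights = set()
    for function in USER_FUNCTIONS.get(user, set()):
        rights |= FUNCTION_RIGHTS.get(function, set())
    return rights

def check_user(user):
    """Return (excess, missing) rights of one user against the written record."""
    configured = CONFIGURED_RIGHTS.get(user, set())
    expected = expected_rights(user)
    return configured - expected, expected - configured

def spot_check(sample_size, seed=None):
    """Check a random sample of all known accounts and return the deviations."""
    accounts = sorted(set(USER_FUNCTIONS) | set(CONFIGURED_RIGHTS))
    sample = random.Random(seed).sample(accounts, min(sample_size, len(accounts)))
    findings = {}
    for user in sample:
        excess, missing = check_user(user)
        if excess or missing:
            findings[user] = {"excess": excess, "missing": missing}
    return findings

if __name__ == "__main__":
    for user, deviation in sorted(spot_check(sample_size=2).items()):
        print(user, deviation)
```

Accounts that exist on the system but not in the written record (here "dave") show up with all of their rights as excess, which also covers substitute accounts set up without a documented authorisation.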

IT-Baseline Protection Manual: October 2000
