IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation

- Demands on software can range from the manufacturer's declaration concerning the quality assurance systems used (ISO 9000 etc. certificates) to independent software tests according to ISO 12119.

Brief examples:

- The software production process of the manufacturer must be certified according to ISO 9000.

- The functionality of the product must be checked by an independent body according to ISO 12119.

- If the product is to fulfil IT security functions, these are to be set down in security requirements (cf. S 4.42 Implementation of Security Functions in the IT Application). This is described in detail below.

Security Requirements

Depending on whether the product must have security features, security functions can be stipulated in the Requirements Catalogue. Typical security functions which are relevant here are briefly explained. Further details are to be found in the ITSEC.

- Identification and authentication

Many products require that those users who have access to resources controlled by the product should be determined and monitored. Not only the claimed identity of the user should be determined, but it should be checked whether the user really is the person he claims to be. This takes place by the user providing the product with information connected to the user in question.

- Access control

For many products it will be necessary to ensure that users, and processes working for these users, are prevented from gaining access to information or resources when they are not entitled to access or when access is not necessary. Further, there will be requirements concerning the unauthorised creation or modification (including deletion) of information.

- Logging

For many products it will be necessary to ensure that actions taken by users, or by processes on behalf of such users, are recorded. This allows the consequences of such actions to be assigned to the user in question so that the user can be held responsible for his actions.

- Protocol evaluation

For many products it will be necessary to ensure that sufficient information is recorded concerning both usual and unusual incidents. Checks at a later date can thus determine whether security breaches have taken place and which information or other resources were affected.

- Incorruptibility

For many products it will be necessary to ensure that certain relations between various data remain correct and that data can be transferred between various processes without alteration.
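The five security functions listed above are written as product requirements, so it helps to see what each one looks like as a concrete, testable mechanism. The following toy reference monitor is an added example and is not code from the BSI manual or from any product; the users, resources, password and log key are constructed for the demonstration. Identification and authentication are a salted password check, access control is an ACL consulted only for authenticated users, logging records every decision with the user it is attributed to, protocol evaluation is the query over denied events, and incorruptibility of the log is given by an HMAC chain that makes any later alteration detectable.

```python
import hashlib
import hmac
import secrets

# Added example (not part of the BSI manual): a toy reference monitor that
# shows how the five security functions of the Requirements Catalogue can be
# checked in code. Users, resources and the log key are constructed values.

LOG_KEY = b"constructed-demo-key"   # a real product would keep this in a protected store
_ITER = 50_000                      # PBKDF2 iteration count for the demo


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITER)


class ReferenceMonitor:
    def __init__(self, log_key: bytes = LOG_KEY):
        self._users = {}          # name -> (salt, hash): identification and authentication
        self._acl = {}            # resource -> {user: set(ops)}: access control
        self._sessions = set()    # users who have passed authentication
        self._log = []            # [(entry, mac)]: logging
        self._key = log_key
        self._prev = bytes(32)    # start value of the HMAC chain over the log

    def add_user(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[name] = (salt, _hash_pw(password, salt))   # never store the password itself

    def grant(self, user: str, resource: str, ops: set) -> None:
        self._acl.setdefault(resource, {}).setdefault(user, set()).update(ops)

    def authenticate(self, name: str, password: str) -> bool:
        # Identification (the claimed name) is only accepted once the secret matches.
        rec = self._users.get(name)
        ok = rec is not None and hmac.compare_digest(rec[1], _hash_pw(password, rec[0]))
        if ok:
            self._sessions.add(name)
        self._record(name, "login", "-", ok)
        return ok

    def access(self, user: str, resource: str, op: str) -> bool:
        # Access control: unauthenticated callers and operations not in the ACL are refused.
        allowed = user in self._sessions and op in self._acl.get(resource, {}).get(user, set())
        self._record(user, op, resource, allowed)
        return allowed

    def _record(self, user: str, op: str, resource: str, ok: bool) -> None:
        # Logging: every decision is attributed to the user; each record's MAC covers
        # the previous MAC, so removing or editing a record breaks the chain.
        entry = f"{len(self._log)}|{user}|{op}|{resource}|{'ok' if ok else 'denied'}"
        mac = hmac.new(self._key, self._prev + entry.encode(), "sha256").digest()
        self._log.append((entry, mac))
        self._prev = mac

    def verify_log(self) -> bool:
        # Incorruptibility: recompute the chain and compare with the stored MACs.
        prev = bytes(32)
        for entry, mac in self._log:
            expected = hmac.new(self._key, prev + entry.encode(), "sha256").digest()
            if not hmac.compare_digest(mac, expected):
                return False
            prev = mac
        return True

    def denied_events(self) -> list:
        # Protocol evaluation: the unusual incidents a later check would look at.
        return [e for e, _ in self._log if e.endswith("|denied")]


def demo() -> dict:
    m = ReferenceMonitor()
    m.add_user("alice", "correct horse battery")        # constructed user
    m.grant("alice", "payroll.db", {"read"})           # constructed resource
    results = {
        "wrong_password": m.authenticate("alice", "wrong"),
        "right_password": m.authenticate("alice", "correct horse battery"),
        "alice_read": m.access("alice", "payroll.db", "read"),
        "alice_write": m.access("alice", "payroll.db", "write"),
        "bob_read": m.access("bob", "payroll.db", "read"),   # bob never authenticated
    }
    results["log_intact"] = m.verify_log()
    results["denied"] = len(m.denied_events())
    # Simulate a later alteration of the first record and check that it is detected.
    entry, mac = m._log[0]
    m._log[0] = (entry.replace("denied", "ok"), mac)
    results["log_after_tamper"] = m.verify_log()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point for a requirements catalogue is that each of the five functions becomes something an independent test can exercise: a wrong secret or an unknown name must be refused, an authenticated user must still be held to the ACL, every decision must carry the acting user, the denied events must be retrievable for review, and a modified log record must be detectable. One caveat visible in the code: the unknown-user path skips the password hash and therefore returns faster, which a product under evaluation should avoid by hashing a dummy value so that the timing does not reveal which names exist.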

IT Baseline Protection Manual: October 2000