19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation Remarks

Assessment Scale

In order to be able to carry out a comparison of various products, criteria must be available as to what extent the various requirements are fulfilled. To do this, it is necessary to assess the quantitative and qualitative importance of the various requirements for the IT-supported task.

This assessment can take place in three steps, for example. In the first step, it is determined which features stipulated in the Requirements Catalogue are necessary and which are desirable. If a necessary feature is not fulfilled, the product is rejected (so-called K.O. criterion). In the event that a desirable feature is not fulfilled, this is considered as a negative aspect, but the product is not necessarily rejected as a result.

As a second step, the importance of the desirable features is determined. This can be quantitative, for example, with values between 1 for low and 5 for high. Necessary features must not be assessed quantitatively. In the event that this is necessary, however, these features must be of a higher value than the desirable features (in order to highlight the importance of a necessary feature, it can represent a value of 10, for example).

In the third step, a confidence factor is determined for the feature with regard to fulfilment of its intended task (e.g. with values between 1 for low and 5 for high). On the basis of this confidence factor, a decision is taken as regards the extent to which the feature is to be tested. The confidence factor of the security mechanisms must be determined in accordance with their strengths.

- low mechanism strength with confidence factor 1<br />

- medium mechanism strength with confidence factor 3<br />

- high mechanism strength with confidence factor 5<br />

These guidelines should be checked according to the individual cases.
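The three steps above, worked as an added Python example that is not part of the manual. The feature names come from the word processing example on this page; the weights, mechanism strengths, product names and the summing of weights are assumptions.

```python
from dataclasses import dataclass

# Step 3 mapping as listed on the page: mechanism strength -> confidence factor.
CONFIDENCE = {"low": 1, "medium": 3, "high": 5}

@dataclass(frozen=True)
class Feature:
    name: str
    necessary: bool        # step 1: necessary (K.O. criterion) or desirable
    weight: int = 0        # step 2: importance 1..5, desirable features only
    strength: str = "low"  # step 3: required mechanism strength

    def __post_init__(self):
        if not self.necessary and not 1 <= self.weight <= 5:
            raise ValueError(f"{self.name}: desirable weight must be 1..5")
        if self.strength not in CONFIDENCE:
            raise ValueError(f"{self.name}: unknown strength {self.strength!r}")

# Features from the page's word processing example; weights/strengths are constructed.
CATALOGUE = [
    Feature("automatic saving", necessary=True),
    Feature("file password protection", necessary=False, weight=3, strength="medium"),
    Feature("file encryption", necessary=False, weight=5, strength="high"),
    Feature("macros can be switched off", necessary=False, weight=4),
]

def assess(catalogue, fulfilled):
    """Apply the three steps to one product's set of fulfilled feature names."""
    unknown = set(fulfilled) - {f.name for f in catalogue}
    if unknown:  # a misspelt feature name must not silently count as unfulfilled
        raise ValueError(f"not in catalogue: {sorted(unknown)}")
    ko = [f.name for f in catalogue if f.necessary and f.name not in fulfilled]
    desirable = [f for f in catalogue if not f.necessary]
    return {
        "rejected": bool(ko),
        "ko": ko,
        # Assumption: desirable weights are summed; the page fixes no aggregation rule.
        "score": 0 if ko else sum(f.weight for f in desirable if f.name in fulfilled),
        "negatives": [f.name for f in desirable if f.name not in fulfilled],
        # Confidence factor per fulfilled feature: the input for deciding test extent.
        "confidence": {f.name: CONFIDENCE[f.strength]
                       for f in catalogue if f.name in fulfilled},
    }

def rank(catalogue, products):
    """Drop K.O. products and order the rest by score, highest first."""
    results = {name: assess(catalogue, feats) for name, feats in products.items()}
    kept = [n for n, r in results.items() if not r["rejected"]]
    return sorted(kept, key=lambda n: -results[n]["score"]), results
```

Calling `rank(CATALOGUE, products)` with a dict that maps each product name to its set of fulfilled feature names returns the surviving products in score order together with the per-product detail, including which missing necessary feature caused a rejection.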

Examples:<br />

Extracts of the security requirements for some typical standard software products are described below:

Word processing programs:<br />

Necessary security features:<br />

- Automatic saving of intermediate data while the program is running<br />

Desirable security features:<br />

- Password protection of individual files<br />

- Encryption of individual files<br />

- It must be possible to switch off the macro programming<br />

File compression program:<br />

Necessary security features:<br />


IT-Baseline Protection Manual: October 2000
