19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation

S 2.110 Data privacy guidelines for logging procedures

Initiation responsibility: Head of IT Section, data privacy officer

Implementation responsibility: Administrators, data privacy officer

In terms of data security, logging as part of IT-systems operation constitutes the manual or automatic generation of records which make it possible to determine “who accessed or performed what, when, using which resources.” These records should also indicate system states, i.e. “who had which access rights for which period of time.”

The nature and scope of logging depends on general data privacy laws as well as locally applicable guidelines.

The logging of administrative activities is equivalent to system monitoring, while the logging of user activities serves essentially as process monitoring. Accordingly, requirements concerning the nature and scope of system-oriented logging originate primarily from general data privacy laws, while process-oriented logging is defined mainly by locally applicable guidelines. Examples of process-oriented logging guidelines are registration laws, police laws and constitutional laws.

Minimum requirements for logging

The following activities must be logged fully during the administration of IT systems:

- System generation and modification of system parameters

  As system-controlled logs are usually not generated on this level, detailed manual records corresponding to the system documentation are required here.

- Configuration of users

  Complete records must be maintained as to which rights to use an IT system were granted by whom to which people for which periods of time. Long-term retention periods must be specified for these logs, as they form the basis for practically every method of review.

- Preparing rights profiles

  One important logging task as part of user administration is to maintain a record of the people who issued instructions to configure individual user rights (also refer to S 2.31 Documentation on authorised users and on rights profiles).

- Installation and modification of application software

  Logs in this context indicate the outcome of releasing programs and processes.
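An added illustration, not part of the manual: one way to keep the user-configuration records described above so that a review can answer who had which access rights for which period of time, and can spot entries that do not name who issued the instruction. The record layout, field names and sample entries are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class RightsRecord:
    """One entry of a user-configuration log (field names are assumptions)."""
    user: str                    # to whom the right was granted
    right: str                   # which right to use the IT system
    granted_by: str              # administrator who configured the right
    instructed_by: str           # person who issued the instruction
    valid_from: date             # first day of the period
    valid_until: Optional[date]  # last day of the period, None = still in force

def incomplete(records):
    """Records that cannot answer 'by whom' or 'on whose instruction'."""
    return [r for r in records
            if not r.granted_by.strip() or not r.instructed_by.strip()]

def rights_at(records, when):
    """Reconstruct the system state: who held which rights on a given day."""
    state = {}
    for r in records:
        ended = r.valid_until is not None and when > r.valid_until
        if r.valid_from <= when and not ended:
            state.setdefault(r.user, set()).add(r.right)
    return state

def holders_during(records, right, start, end):
    """Users who held `right` at any point in the review period [start, end]."""
    return sorted({r.user for r in records
                   if r.right == right and r.valid_from <= end
                   and (r.valid_until is None or r.valid_until >= start)})

# Constructed sample log, not taken from the manual.
SAMPLE_LOG = [
    RightsRecord("alice", "payroll:read", "admin1", "head-hr", date(2000, 1, 3), date(2000, 6, 30)),
    RightsRecord("alice", "payroll:write", "admin1", "head-hr", date(2000, 4, 1), None),
    RightsRecord("bob", "payroll:read", "admin2", "", date(2000, 5, 15), date(2000, 5, 31)),
]

if __name__ == "__main__":
    print(rights_at(SAMPLE_LOG, date(2000, 5, 20)))
    print(holders_during(SAMPLE_LOG, "payroll:read", date(2000, 7, 1), date(2000, 12, 31)))
    print([r.user for r in incomplete(SAMPLE_LOG)])
```

Because expired entries are kept rather than overwritten, the same log answers questions about past periods, which is why the retention period matters for review.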


IT-Baseline Protection Manual: October 2000
