IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection of Generic Components Organisation
_________________________________________________________________________________________
3.1 Organisation
Description
This Chapter lists general and generic measures in the
organisational field which, as standard organisational
measures, are required to achieve a minimum protection
standard. Specific measures of an organisational nature which
directly relate to other measures (e.g. LAN administration)
are listed in the relevant chapters.
Threat Scenario
In this Chapter, the following typical threats (T) are considered as regards IT baseline protection:
Organisational Shortcomings
- T 2.1 Lack of, or insufficient, rules
- T 2.2 Insufficient knowledge of requirements documents
- T 2.3 A lack of compatible, or unsuitable, resources
- T 2.4 Insufficient monitoring of IT security measures
- T 2.5 Lack of, or inadequate, maintenance
- T 2.6 Unauthorised admission to rooms requiring protection
- T 2.7 Unauthorised use of rights
- T 2.8 Uncontrolled use of resources
- T 2.9 Poor adjustment to changes in the use of IT
- T 2.10 Data media are not available when required
Human Failure
- T 3.1 Loss of data confidentiality/integrity as a result of IT user error
Recommended Countermeasures (S)
For the implementation of IT baseline protection, selection of the required packages of safeguards
("modules"), as described in Sections 2.3 and 2.4, is recommended.
In the following, the countermeasure group "Organisation" is set out:
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000