IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.138 Structured data storage
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrator, IT users
Poorly structured data storage can lead to a wide variety of problems. For this
reason, all IT users should be instructed on how to store data in clear, wellstructured
manner. Appropriate structures should be specified by the
Administrators on all servers. This is also a prerequisite for achieving a
differentiated allocation of access rights.
Program and work files should always be stored in separate sectors. This
makes it easier to obtain an overview, simplifies data backups and ensures
correct access protection. In the case of most application programs, very few
or no configuration files are modified following installation. If possible, all
files which are modified regularly should be stored in separate directories, so
that only those directories need to be included in the regular data backups.
Where programs and data are kept properly separated, it is sufficient to only
include the data in the regular data backups. It is important to have working
files carefully backed up so that, if necessary, the backups can also be worked
on on other systems.
In the case of networked systems, it is also necessary to determine which
programs and files should be stored on local hard disks or on a network server.
Both options have advantages as well as disadvantages, and must be evaluated
in accordance with the existing organisational structure as well as the
hardware and software in use. For example, files with high availability
requirements and the related application programs should be stored on
workstation computers rather than on the network server. In this case,
appropriate contingency measures also need to be implemented for these
workstation computers.
Task-specific or project-specific directories should be created in order to
facilitate the allocation of files. As few files as possible should be stored in
personal directories.
To prevent the existence of different versions of basic files required for
ongoing activities, such as letter templates, forms, project plans etc., such files
should be managed centrally. For example, these files should be stored on a
server so that all users have read access to them, but only one person is
authorised to modify each individual file.
The following example shows how data can be structured on a server by
specifying directory paths:
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
Keep programs and
application files separate
Task-or project-specific
directories