IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection of Generic Components Personnel
_________________________________________________________________________________________
3.2 Personnel
Description
This Chapter states the generic IT baseline protection
safeguards which, on a standard basis, should be implemented
with regard to personnel matters. A wide variety of
safeguards are required, commencing with the taking on of
new staff until the termination of their employment.
Personnel-related safeguards linked to a specific function, e.g.
the appointment of a system administrator of a LAN, are
listed in the IT-specific chapters.
Threat Scenario
In this Chapter, the following typical threats (T) are considered as regards IT baseline protection:
Force Majeure
- T 1.1 Loss of personnel
Organisation deficiencies
- T 2.2 Insufficient knowledge of requirements documents
Human Failure:
- T 3.1 Loss of data confidentiality/integrity as a result of IT user error
- T 3.2 Negligent destroying of equipment or data
- T 3.3 Non-compliance with IT security measures
- T 3.8 Improper use of the IT system
Deliberate Acts:
- T 5.1 Manipulation/destruction of IT equipment or accessories
- T 5.2 Manipulation of data or software
- T 5.42 Social engineering
Recommended Countermeasures (S)
For the implementation of IT baseline protection, selection of the required packages of safeguards
("modules") as described in chapters 2.3 and 2.4, is recommended.
In the following, the safeguard package for "Personnel" is set out:
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000