IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.158 Reporting computer virus infections
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Head of IT Section
When a computer virus infects a system, the priority is to prevent other IT
systems from becoming infected. To this end, a contact person should be
appointed at the institution, to whom a computer virus infection must be
reported without delay. On the basis of the documents produced in accordance
with S 2.155 Identification of IT systems potentially threatened by computer
viruses, this person can immediately decide which users need to be informed
about the occurrence of a computer virus as appropriate. These alerting routes
must also be established within the framework of the reporting system.
In addition to the institution’s own staff, all externals who may be affected by
the virus infection must also be informed. These include in particular those
people who it is presumed have forwarded or received the virus.
To obtain an overview of the current threat posed by computer viruses, the
BSI maintains a set of statistics about all virus infections that have occurred.
For this purpose, a virus reporting sheet was issued on which a virus incident
should be recorded. The virus report is used by the BSI for statistical purposes
only; it can also be submitted anonymously (a preprinted form is provided in
the appendix).
The appointed contacts are then finally also the people via whom the measures
leading to elimination of the detected computer virus infection are to be
initiated. These should document all infections with computer viruses, their
effects and their elimination. This information forms a basis for updating the
virus protection concept, and provides a record of incidences of damage that
have occurred and of the effort and expense of correction.
In order to set up the reporting system, it is necessary for the contact person to
be made known to all staff in an appropriate form. This may take the form of a
leaflet, for example (cf. S 6.23 Procedures in the event of computer virus
infection). Especially when there is a hoax (see T 5.80 Hoaxes) it is important
that users forward these supposed security instructions only to the contact
person appointed to deal with virus problems, and do not spread them further.
In the same way, the contacts must regularly keep themselves informed of any
new computer viruses that appear so that they can arrange for the computer
virus scanning programs to be updated or those users affected to be alerted, as
the need arises.
Additional controls:
- Has it been ensured that the contact person for computer virus infections is
known to all IT users?
- Has it been ensured that the contact person can alert all those potentially
affected by an acute computer virus infection as quickly as possible?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000