IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.161 Development of a cryptographic concept
Initiation responsibility: IT Security Management
Implementation responsibility: IT Security Management
Nowadays companies and agencies are increasingly dependent on their
information technology infrastructure. This is why it is necessary to have
security services which go beyond mere encryption, and why they have to be
integrated into the system as a whole.
Given the diversity of cryptographic problem situations and variety of
influencing factors, there are also many different approaches to solutions and
possible means of implementation. It cannot be assumed that there is one
solution which is capable of dealing with all security problems in computer
networks and/or communication systems. On the contrary, what is important is
harmonised interaction between appropriately selected components in order to
achieve the necessary degree of security. It is therefore necessary to develop a
cryptographic concept that is integrated into the agency’s or company’s IT
security concept.
The choice of suitable cryptographic components must be based on this
concept. A critical element in the whole crypto concept is key management.
Concepts and approaches to solutions can only be successfully devised and
put into practice precisely where they are needed when it is clear which
specific security functionalities and security services are required. Beyond this
there are also a number of system-related questions and aspects which do not
specifically belong in the field of security technology. This includes
performance requirements, for example, or requirements relating to system
links, interoperability and conformity with standards.
Figure: Perspectives and aspects in the selection of cryptographic procedures
and components
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
Sichtweisen und Aspekte
Einflußfaktoren Realisierungsmöglichkeiten Nutzbarkeit
technisch organisatorisch wirtschaftlich politisch/
gesetzlich
system- sicherheitstechnisch
technisch
Systemanbindung
Lokalisierung
Datenvolumen
Zeitabhängigkeit
Synchronisation
Sicherheitsniveau
Schutzbedarf
Gefährdungen
Manipulationsstärke
Funktionsumfang
Verfügbarkeit/ Einsatz-
Zuverlässigkeit bedingungen
Personalaufwand
Schlüsselverteilung
und
-organisation
Interoperabilitätsanforderungen
Rationalisierung
Integrationsanforderungen
Standardkonformitätsanforderungen
Anschaffungskosten
Administrationskosten
Wartungskosten
Investitionsschutz
Ausfuhrbeschränkungen
Datenschutzrichtlinien
Verschlußsachenanweisung
Geheimschutzrichtlinien
VS-Einstufungslisten
Front-end
Firewall
Bündelverschlüssler
Kryptoknoten
integrierbare
Spezialkomponente
Chipkarte
Arbeitsplatz
LAN-Bereich
Rechnerkopplung
TK-Anlage
Mobilfunkeinrichtung
öffentliches
Festnetz