IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

<strong>IT</strong> <strong>Baseline</strong> <strong>Protection</strong> of Generic Components Crypto-concept<br />

_________________________________________________________________________________________<br />

3.7 Crypto-concept<br />

Description<br />

This module describes a process with which, in a<br />

heterogeneous environment, both the data stored locally and<br />

the data to be transmitted can be protected effectively through<br />

cryptographic procedures and techniques. For this purpose,<br />

0100011101001000<br />

the module explains how and where in a heterogeneous<br />

environment cryptographic procedures and the corresponding<br />

components can be used. As a large number of influencing<br />

factors should be taken into account when using cryptographic procedures, a crypto-concept should be<br />

created.<br />

This module describes how to create a crypto-concept. It starts by determining the requirements and<br />

influencing factors, then goes on to the selection of suitable cryptographic solutions and products, and<br />

ends with raising the awareness of and training the users as well as crypto contingency planning.<br />

This module can also be consulted when only a cryptographic product is to be selected for one of the<br />

possible areas of use. In this case, it is possible to leave out several of the steps described in the<br />

following and only perform those that are relevant for the particular area of use.<br />

In order to implement this module, it is necessary to have a basic understanding of the fundamental<br />

cryptographic mechanisms. An overview of basic cryptographic terms can be found in S 3.23<br />

Introduction to basic cryptographic terms.<br />

Threat Scenario<br />

Cryptographic procedures are used to guarantee<br />

- confidentiality,<br />

- integrity,<br />

- authenticity and<br />

- non-repudiation.<br />

<strong>The</strong>refore, the following threats to cryptographic procedures are primarily taken into account for <strong>IT</strong><br />

baseline protection:<br />

- T 4.33 Poor-quality or missing authentication<br />

- T 5.85 Loss of integrity of information that should be protected<br />

- T 5.27 Repudiation of a message<br />

- T 5.71 Loss of confidentiality of classified information<br />

If cryptographic procedures are used, the following threats should also be taken into account for <strong>IT</strong><br />

baseline protection:<br />

_________________________________________________________________________________________<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Otober 2000<br />

A B C<br />

A B C

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!