IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
Organisational rules or technical measures are required in order to meet the
following conditions, in particular:
- The browsers intended for users should be pre-configured by the
administrator so as to automatically achieve the highest possible level of
security without further intervention by the users (see also S 5.45 Security
of WWW browsers).
- Files whose content is liable to cause offence must be neither placed on nor
retrieved from WWW servers. It must be established what type of content
is considered offensive.
- After files have been downloaded, they must be explicitly checked for
computer viruses.
All rules and instructions concerning the use of the WWW must be specified
in writing and should remain available to employees at all times. A sample of
such rules is given on the CD-ROM accompanying the IT Baseline Protection
Manual, in the Auxiliary Materials directory.
In order to prevent operating errors and to ensure observance of the
organisation’s internal guidelines, users must be given training before they use
the WWW, both in operation of their WWW browser and in the use of the
Internet. In particular, they must be made aware of potential hazards and of
the security measures that have to be observed.
Supplementary checks:
- Is there a security strategy for the operation of a WWW server?
- Is there a security strategy for the use of WWW services?
- Are the arrangements that have been made adequate?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000