IT Baseline Protection Manual - Chapter 2.3 IT Baseline Protection Modelling
2.3.2 Modelling of an Individual IT System
Depending on the object(s) under examination, the tables below serve different
functions. If the IT assets under consideration consist only of a single IT
system or a single group of IT systems which have the same configuration, the same
framework conditions and the same applications, then as a minimum the modules required
for modelling can be read directly from these tables. Modules with no entry
in the relevant column should be used as well if they are relevant to the individual
IT system under consideration.
If, on the other hand, the IT assets are composed of different components,
then the tables provided below will help in checking whether modelling as described
in Section 2.3.1 is complete. If, for example, the present IT assets contain
Windows NT clients, then all the modules which have an "X" in
the relevant table should be considered during modelling. Modules identified
with "(X)" only need to be used when certain conditions apply. These
conditions are listed in Section 2.3.1.
Key:
X: The module must be applied to this IT system.
(X): The module must be applied to this IT system if the conditions specified in Section 2.3.1 apply.
X1: A server room can be replaced by a server cabinet.
IT Systems: Stand-Alone Systems / Clients
System columns: DOS-PC (Single User), UNIX System, Laptop PC, PC (Multi-user), Windows NT PC, Windows 95 PC
3.0 IT Security Management: X X X X X X
3.1 Organisation: X X X X X X
3.2 Personnel: X X X X X X
3.3 Contingency Planning Concept: (X) (X) (X) (X) (X) (X)
3.4 Data Backup Policy: X X X X X X
3.6 Computer Virus Protection Concept: X X X X X X
3.7 Crypto Concept: (X) (X) (X) (X) (X) (X)
3.8 Handling of Security Incidents: (X) (X) (X) (X) (X) (X)
4.1 Buildings: X X X X X
4.2 Cabling: X X X X X
4.3.1 Offices: X X X X X
4.3.2 Server rooms
4.3.3 Storage Media Archives
4.3.4 Technical Infrastructure Rooms
4.4 Protective Cabinets
4.5 Working Place At Home (Telecommuting)
5.1 DOS PC (Single User): X (X) (X)
5.2 UNIX System: X (X) (X)
5.3 Laptop PC: X (X)
5.4 PCs With a Non-Constant User Population: (X) (X) (X) X
5.5 PC under Windows NT: (X) X
5.6 PC with Windows 95: (X) X
5.99 Stand-Alone IT Systems Generally
6.1 Server-Supported Network
6.2 UNIX Server
6.3 Peer-to-Peer Network
6.4 Windows NT Network
6.5 Novell Netware 3.x
6.6 Novell Netware 4.x
6.7 Heterogeneous Networks
6.8 Network and System Management
7.1 Exchange of Data Media: (X) (X) (X) (X) (X) (X)
7.2 Modem
7.3 Firewall
7.4 E-Mail
7.5 WWW Server
7.6 Remote Access
8.1 Telecommunications System (Private Branch Exchange, PBX)
8.2 Fax Machine
8.3 Answering Machine
8.4 LAN connection over ISDN
8.5 Fax Servers
8.6 Mobile Telephones
9.1 Standard Software: X X X X X X
9.2 Databases
9.3 Telecommuting
IT Systems: Stand-Alone Systems / Clients
System columns: Telecommuting, Stand-Alone IT Systems Generally
3.0 IT Security Management: X X
3.1 Organisation: X X
3.2 Personnel: X X
3.3 Contingency Planning Concept: (X) (X)
3.4 Data Backup Policy: X X
3.6 Computer Virus Protection Concept: X X
3.7 Crypto Concept: (X) (X)
3.8 Handling of Security Incidents: (X) (X)
4.1 Buildings: X
4.2 Cabling: X
4.3.1 Offices: X
4.3.2 Server Rooms
4.3.3 Storage Media Archives
4.3.4 Technical Infrastructure Rooms
4.4 Protective Cabinets
4.5 Working Place At Home (Telecommuting): X
5.1 DOS PC (Single User): (X)
5.2 UNIX System: (X)
5.3 Laptop PC
5.4 PCs With a Non-Constant User Population
5.5 PC under Windows NT: (X)
5.6 PC with Windows 95: (X)
5.99 Stand-Alone IT Systems Generally: (X) X
6.1 Server-Supported Network
6.2 UNIX Server
6.3 Peer-to-Peer Network
6.4 Windows NT Network
6.5 Novell Netware 3.x
6.6 Novell Netware 4.x
6.7 Heterogeneous Networks
6.8 Network and System Management
7.1 Exchange of Data Media: (X) (X)
7.2 Modem: (X)
7.3 Firewall
7.4 E-Mail
7.5 WWW Server
7.6 Remote Access
8.1 Telecommunications System (Private Branch Exchange, PBX)
8.2 Fax Machine: (X)
8.3 Answering Machine: (X)
8.4 LAN connection over ISDN: (X)
8.5 Fax Servers
8.6 Mobile Telephones
9.1 Standard Software: X X
9.2 Databases
9.3 Telecommuting: X
IT Systems: Server / Network
System columns: UNIX Network, Peer-to-Peer Network, Windows NT Network, Novell 3.x Network, Novell 4.x Network
3.0 IT Security Management: X X X X X
3.1 Organisation: X X X X X
3.2 Personnel: X X X X X
3.3 Contingency Planning Concept: (X) (X) (X) (X) (X)
3.4 Data Backup Policy: X X X X X
3.6 Computer Virus Protection Concept: X X X X X
3.7 Crypto Concept: (X) (X) (X) (X) (X)
3.8 Handling of Security Incidents: (X) (X) (X) (X) (X)
4.1 Buildings: X X X X X
4.2 Cabling: X X X X X
4.3.1 Offices: X
4.3.2 Server Rooms: X X X X
4.3.3 Storage Media Archives
4.3.4 Technical Infrastructure Rooms
4.4 Protective Cabinets: X1 X1 X1 X1 X1
4.5 Working Place At Home (Telecommuting)
5.1 DOS PC (Single User): (X)
5.2 UNIX System: (X)
5.3 Laptop PC: (X)
5.4 PCs With a Non-Constant User Population: (X)
5.5 PC under Windows NT: (X)
5.6 PC with Windows 95: (X)
5.99 Stand-Alone IT Systems Generally: (X)
6.1 Server-Supported Network: X X X X
6.2 UNIX Server: X
6.3 Peer-to-Peer Network: X
6.4 Windows NT Network: X
6.5 Novell Netware 3.x: X
6.6 Novell Netware 4.x: X
6.7 Heterogeneous Networks: X X X X X
6.8 Network and System Management
7.1 Exchange of Data Media
7.2 Modem
7.3 Firewall
7.4 E-Mail
7.5 WWW Server: (X) (X) (X) (X)
7.6 Remote Access
8.1 Telecommunications System (Private Branch Exchange, PBX)
8.2 Fax Machine
8.3 Answering Machine
8.4 LAN connection over ISDN
8.5 Fax Servers: (X) (X) (X) (X)
8.6 Mobile Telephones
9.1 Standard Software: X X X X X
9.2 Databases: (X) (X) (X) (X)
9.3 Telecommuting
IT Systems: Communication System
System columns: Firewall, Private Branch Exchange, Fax Machine, Answer-phone, Fax Servers
3.0 IT Security Management: X X X X X
3.1 Organisation: X X X X X
3.2 Personnel: X X X X X
3.3 Contingency Planning Concept: (X) (X) (X) (X) (X)
3.4 Data Backup Policy: X X X X X
3.6 Computer Virus Protection Concept: X X X X X
3.7 Crypto Concept: (X) (X) (X) (X) (X)
3.8 Handling of Security Incidents: (X) (X) (X) (X) (X)
4.1 Buildings: X X X X X
4.2 Cabling: X X X X X
4.3.1 Offices: X X
4.3.2 Server Rooms: X X X
4.3.3 Storage Media Archives
4.3.4 Technical Infrastructure Rooms
4.4 Protective Cabinets: X1 X1 X1
4.5 Working Place At Home (Telecommuting)
5.1 DOS PC (Single User)
5.2 UNIX System
5.3 Laptop PC
5.4 PCs With a Non-Constant User Population
5.5 PC under Windows NT
5.6 PC with Windows 95
5.99 Stand-Alone IT Systems Generally
6.1 Server-Supported Network: X X
6.2 UNIX Server: (X) (X)
6.3 Peer-to-Peer Network
6.4 Windows NT Network: (X) (X)
6.5 Novell Netware 3.x: (X) (X)
6.6 Novell Netware 4.x: (X) (X)
6.7 Heterogeneous Networks: X X
6.8 Network and System Management
7.1 Exchange of Data Media
7.2 Modem
7.3 Firewall: X
7.4 E-Mail
7.5 WWW Server
7.6 Remote Access
8.1
Telecommunications System (Private Branch Exchange, PBX)