IT Baseline Protection Manual - Chapter 3.1 Organisation

3.1 Organisation

Description

This chapter lists general and generic measures in the organisational field which, as standard organisational measures, are required to achieve a minimum protection standard. Specific measures of an organisational nature which relate directly to other measures (e.g. LAN administration) are listed in the relevant chapters. Standard security measures that are oriented towards the proper management of IT components (hardware or software) will be found in Section 3.9.

Threat Scenario

In this chapter, the following typical threats (T) are considered as regards IT baseline protection:

Organisational Shortcomings

  • T 2.1 Lack of, or insufficient, rules
  • T 2.2 Insufficient knowledge of requirements documents
  • T 2.3 A lack of compatible, or unsuitable, resources
  • T 2.5 Lack of, or inadequate, maintenance
  • T 2.6 Unauthorised admission to rooms requiring protection
  • T 2.7 Unauthorised use of rights
  • T 2.8 Uncontrolled use of resources

Recommended Countermeasures

To implement IT baseline protection, selection of the required packages of safeguards ("modules") is recommended, as described in Sections 2.3 and 2.4.

The package of measures which fall under the heading "Organisation" is set out below:

Organisation

  • S 2.1 (2) Specification of responsibilities and of requirements documents for IT uses
  • S 2.2 (2) Resource management
  • S 2.4 (2) Maintenance/repair regulations
  • S 2.5 (1) Division of responsibilities and separation of functions
  • S 2.6 (1) Granting of site access authorisations
  • S 2.7 (1) Granting of (system/network) access rights
  • S 2.8 (1) Granting of access rights
  • S 2.13 (2) Correct disposal of resources requiring protection
  • S 2.14 (2) Key management
  • S 2.37 (2) Clean desk policy
  • S 2.39 (2) Response to violations of security policies
  • S 2.40 (2) Timely involvement of the staff/factory council
  • S 2.177 (2) Security during relocation
  • S 2.225 (2) Assignment of responsibility for information, applications and IT components

© Copyright by Bundesamt für Sicherheit in der Informationstechnik. Last update: July 2001