|
|
Initiation responsibility: IT Security Management Team
Implementation responsibility: Head of IT Section, IT Security Management Team
Creation of an IT security policy and also the review, maintenance, troubleshooting and repair of IT systems require a complete and correct record to have been made of existing and planned IT systems. It is particularly important that such a schedule should be complete and up-to-date. In particular, it should also contain a detailed connectivity plan.
If a complete IT equipment register and a connectivity plan already exist, then the information required can be taken from these. If such a register does not exist or it does not contain the information, then this will have to be collected now.
As a minimum the schedule must contain the following information for all IT systems:
In addition, a connectivity plan which shows clearly the networking structures including connections to the outside world should be available.
If there are such a large number of IT systems that a complete listing would not appear appropriate, similar IT systems can be grouped together if, from the point of view of application structure and sequence, comparable IT applications run on these systems. This applies particularly to PCs, large numbers of which often have a similar configuration.
It is important to check such a schedule at regular intervals to ensure that it is up-to-date and complete. This requires that steps are taken to ensure that the IT Security Management Team is informed of every change in the IT assets used.
Additional controls:
| © Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
last update: October 2000 |