HostedDB - Dedicated UNIX Servers
-->
IT Baseline Protection Manual S 3.10 Selection of a trustworthy administrator and his substitute

S 3.10 Selection of a trustworthy administrator and his substitute

Initiation responsibility: Agency/company management; Head of Personnel Section; Head of IT Section; PBX officer; IT Security Management

Implementation responsibility: -

The operators of IT systems and PBXes (telecommunications facilities) must have great confidence in the administrators (and their deputies) of such systems and installations. Depending on the systems used, they hold far-reaching and often complete authority. Administrators and their deputies can access, and possibly alter, all stored data and allocate rights in a way that allows serious potential misuse.

The staff employed for these tasks should be selected carefully. They should be periodically instructed that the relevant powers may be used only for the required administration tasks.

As administrators play a key role in ensuring that the hardware and software used is in working order, it must be ensured that someone else performs the administrators' tasks in their absence. The appointed substitute must have the up-to-date system configuration and have access to the passwords, keys and security tokens required for the administration.

If a company or an authority has several administrators with similar IT system knowledge, they can substitute each other if they have enough free capacities. In all areas in which just one administrator has the main responsibility for IT systems, two substitutes should be trained, as experience shows that if the administrator is absent for a long period of time, the substitute may not be available to take over all of the administration.

In order to ensure that the computer utility is in working order, it must be checked whether the necessary administration activities can be dealt with by the appointed administrators and their substitutes. This is particularly important when there are impending staff changes or changes to the organisational structure.

Particularly in the case of impending moves, administration tasks at another location can cause a considerable increase in the administrator's work load. In such cases, it must also be ensured that the operation at the previous location is not impaired up to the time of the move.

Additional controls:

© Copyright by
Bundesamt für Sicherheit in der Informationstechnik		 July 1999
home