|
Initiation responsibility: PBX officer; IT Security Management; personnel committee/works council
Implementation responsibility: IT Security Management, Administrators
Staff members must be advised of the risks involved in the use of a digital PBX (telecommunications facility). This could be done, for instance, by means of a short briefing or instruction sheets. It must be borne in mind that abnormal behaviour of a PBX should be reported. Since in case of manipulations of a PBX installation, involvement of the PBX operator cannot be precluded, an independent controller, such as IT Security Management or departmental data security officers, should be informed in such cases.
Additional controls:
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
July 1999 |