1.2 Structure and Interpretation of the Manual

The IT Baseline Protection Manual is divided into five main areas. To facilitate understanding of the manual, a brief explanation is provided here of each of these areas.

Introduction and procedure

This first section comprises Chapters 1 and 2. These chapters introduce the concept of IT baseline protection, present guidance as to how to use the manual and how to move between topics in the manual, and discuss the procedure to be adopted in drawing up a security concept which affords IT baseline protection. To understand the manual, it is important to work through Chapter 2. This describes in detail what steps are necessary in order to achieve a "baseline protection" level of IT security. In particular, it explains how to map an existing IT infrastructure onto the various manual modules and how to perform and document a target versus actual comparison where the target state of affairs corresponds to IT baseline protection.

Modules

The second section of the manual comprises Chapters 3 to 9. These chapters contain the threat scenario and the safeguards that are recommended for various components, procedures and IT systems. In each case the relevant safeguards are gathered together in a single module. They are logically grouped into the following chapters:

Threats Catalogues

This section of the manual contains detailed descriptions of the threats which are included in the threat scenarios for the individual modules. The threats are grouped into five catalogues:

Safeguards Catalogues

This section provides detailed descriptions of the IT security safeguards mentioned in the various modules of the manual. The measures are grouped into six catalogues of safeguards:

Annexes

The last section of the manual contains supplementary aids, forms, brief descriptions of tools covering all aspects of IT baseline protection and a list of registered users of the manual.

Interpretation of the manual

The modules, which all have the same structure, form the most important part of the IT Baseline Protection Manual. Each module starts with a brief description of the component, procedure or IT system under consideration.

This is followed by a description of the threat scenario. The threats here are divided into the aforementioned categories of Force Majeure, Organisational Shortcomings, Human Error, Technical Failure and Deliberate Acts.

To make it easier to see which modules are relevant and to avoid redundancies, in each case only a reference is provided to the text in which the threat is described in more detail. An example is provided below as to how a threat would be cited within a module:

In the code T x.y, the letter "T" stands for threat. The number x before the decimal point refers to the Threats Catalogue (in this case T 4 = Technical Failure) and the number y after the decimal point is the serial number of the threat within the catalogue concerned. This is followed by the name of the threat. It is recommended that the user then reads the referenced threat text in order to gain awareness and to understand the safeguards which apply, but reading it is not absolutely essential in order to draw up an IT security concept on the basis of the IT Baseline Protection Manual.

The recommended safeguards which are listed after the section on the threat scenario constitute the major part of a given module. Brief information is presented first of all on the safeguard package concerned. In some modules these statements contain, for example, information on the recommended sequence to follow in implementing the necessary safeguards.

As was done with the threats, the safeguards themselves are grouped according to the headings in the Safeguards Catalogues, i.e. in this case, under the headings Infrastructure, Organisation, Personnel, Hardware & Software, Communications and Contingency Planning. The same procedure is followed as in the handling of threats, i.e. in each case only a reference is provided to the relevant safeguard. An example is provided below as to how a recommended safeguard would be cited within a module:

In the code S x.y, "S" refers to a safeguard, and the number x before the decimal point refers to the Safeguards Catalogue (in this case S 1 = Infrastructure). The number y after the decimal point is the serial number of the safeguard within the relevant catalogue.

The number in brackets - in this case (1) - assigns a priority to each safeguard. This is extremely important when drawing up a plan for the implementation of safeguards which have not previously been implemented or have only partially been implemented. In practice, it is during this phase that problems in finding sufficient financial or staff resources and/or with timescales frequently occur. If these would mean that full implementation of all the necessary safeguards would have to be delayed, then the starting point in determining the sequence to be followed in implementing any missing safeguards should be the priority assigned to each of the various safeguards in the modules. The following priority levels have been assigned:

1 These safeguards constitute the basis for security within the module concerned. Implementation of these safeguards should be given top priority.
2 These safeguards are important. If possible, they should be implemented speedily.
3 These safeguards are important in terms of rounding off the IT security. If bottlenecks prevent their being implemented immediately, they can be deferred until a later time.

Some of the safeguards are indicated as being optional. Example:

Safeguards can be designated optional for a variety of reasons, possibly because they are expensive to implement, because they are aimed at a higher protection requirement or because they replace other safeguards. As these safeguards cannot be viewed as reasonable for IT baseline protection in every case, a decision always needs to be made and justified as to whether it is reasonable and cost-effective to implement them. If the protection requirement is higher, implementation is generally advised.

In order to be able to draw up an IT security concept on the basis of the IT Baseline Protection Manual and perform the target versus actual comparison that is required, it is necessary to read the text on the safeguards in the modules identified in the relevant Safeguards Catalogue carefully. To illustrate the procedure, an excerpt from one of the safeguards is shown below as an example.

S 2.11 Provisions Governing the Use of Passwords

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: IT Security Management, users

[Text of the safeguard...]

Additional controls:

[...]

In addition to the actual recommendation as to how a safeguard should be implemented, the responsible persons are specified as a guide. Initiation responsibility refers to the persons or roles who should typically be responsible for allocating resources and supervising the implementation of a safeguard. Implementation responsibility refers to the persons or roles who should be charged with implementing the safeguard.

At the end of the text some additional control questions are listed. These are intended to round off the subject covered and to motivate the reader to cast a critical eye over implementation of the safeguards. These additional control questions do not, however, claim to be complete.

The link between the threats assumed for IT baseline protection and the recommended safeguards is shown in the Safeguard-Threat Tables. These are not included in the printed version of the manual but will be found on the CD-ROM which goes with the IT Baseline Protection Manual (see Annex: Additional Aids). There is a Safeguard-Threat Table for every module.

As an example, an excerpt is provided below from the Safeguard-Threat Table for the module Exchange of Data Media:

Safeguard | Priority | T 1.7 | T 1.8 | T 1.9 | T 2.3 | T 2.10 | T 2.17 | T 2.18 | T 2.19 | T 3.1 | T 3.3 | T 3.12 | T 3.13 | T 4.7 | T 5.1 | T 5.2 | T 5.4 | T 5.9 | T 5.23 | T 5.29 | T 5.43
S 1.36    | 2*       |   X   |   X   |       |       |        |        |        |        |   X   |       |        |        |       |   X   |   X   |   X   |   X   |        |   X    |
S 2.3     | 2        |       |       |       |   X   |   X    |   X    |        |        |       |       |        |        |   X   |   X   |   X   |   X   |   X   |   X    |   X    |   X
S 2.42    | 2        |       |       |       |       |        |        |   X    |        |   X   |       |        |        |       |       |       |       |       |        |        |
S 2.43    | 1        |       |       |       |       |   X    |   X    |   X    |        |       |       |   X    |        |       |       |       |       |       |        |        |
S 2.44    | 1        |   X   |   X   |   X   |       |        |        |        |        |       |       |   X    |        |   X   |   X   |   X   |       |   X   |        |   X    |

All the tables are structured in the same way. The column headings show the threats listed in the associated modules together with their numbers. The column at the far left shows the numbers of the safeguards. Column 2 shows the priority assigned to a given safeguard in the module under consideration. If this column contains an asterisk, then the safeguard concerned should be viewed as "optional" in this module.

The other columns show the relationship between safeguards and threats. An "X" in a given cell means that the corresponding safeguard is effective against the relevant threat. The effect of the safeguard may be either of a preventive nature or else aimed at mitigating the loss or damage.

Where it is not possible to implement a recommended safeguard, it is possible to see from these tables which threats, if any, are not properly protected against. In such cases consideration should be given as to whether an alternative safeguard should be implemented. When using these tables, the number of "X" entries next to a given safeguard should not be interpreted as an indication of the relative importance of that safeguard. There are cases of safeguards which are only effective against a single threat but which are still absolutely essential.

Finally it should be pointed out that all the modules, threats, safeguards, tables and additional aids are contained on the CD-ROM which comes with the IT Baseline Protection Manual. The related text may be reused to assist in drawing up a security concept and/or implementing safeguards.


© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update: October 2000