5.99 Stand-alone IT systems

Description

Here, an IT system is considered which is not linked with any other IT system. It can be based on any operating system, run on any platform, and consist of a PC with or without a hard disk, Unix workstation or Apple Macintosh. The IT system can possess floppy disks and CD drives, a hard disk, a mouse and other peripheral components. If a printer is required, it is connected directly to the system. A graphic user interface can also be employed here.

This chapter provides an overview of the threats and IT security measures typical of stand-alone IT systems. The overview applies, in general, to all operating systems. For more detailed information, refer to additional chapters of the IT Baseline Protection Manual (e.g. Chapter 5.2 Stand-alone Unix system).

Threat Scenario

The following typical threats are assumed as regards IT baseline protection of a stand-alone IT system:

Force Majeure:

Organisational Shortcomings:

Human Failure:

Technical Failure:

Deliberate Acts:

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.

The safeguard package for "Stand-alone IT systems" is described in the following. The safeguards can be subdivided as

Depending on the operating system in use, this module might need to be supplemented with additional safeguards.

The following basic safeguards need to be implemented:

Infrastructure:

Organisation:

Personnel:

Hardware/Software:

Contingency Planning:

If an IT system is to be used by several persons, then administration of the computer and distinction between users are absolutely necessary. In this case, the following safeguards and threats are to be considered additionally for multi-user operation:

Threat Scenario

Organisational Shortcomings:

Human Failure:

Deliberate Acts:

Recommended Countermeasures (S)

Organisation:

Personnel:

Hardware/Software:

If the operating system underlying the IT system does not allow a division between users, the following safeguard should also be observed:


© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000