IT Baseline Protection Manual
   
Preface  
Introduction  
   
Finding Your Way Around the IT Baseline Protection Manual Using the IT Baseline Protection Manual
1.1 IT Baseline Protection: the Aim, Concept and Central Idea Using the IT Baseline Protection Manual
1.2 Structure and Interpretation of the Manual 2.1 IT Structure Analysis
1.3 Using the IT Baseline Protection Manual 2.2 Assessment of Protection Requirements
1.4 Brief Outline of Existing Modules 2.3 IT Baseline Protection Modelling
1.5 Resources 2.4 Basic Security Check
1.6 Information Flow and Points of Contact 2.5 Supplementary Security Analysis
  2.6 Implementation of IT Security Safeguards
  2.7 IT Baseline Protection Certificate
 
   
Generic Components Infrastructure
IT Security Management Buildings
Organisation Cabling
Personnel Office
Contingency Planning Server Room
Data Backup Policy Data Media Archives
Data Privacy Protection Technical Infrastructure Room
Concept of computer virus protection Protective Cabinets
Crypto-concept Working place at home
Handling of security incidents  
   
Non-Networked Systems Networked Systems
DOS-PC (single user) Server-supported Network
DOS-PC (multiuser) Unix-Server
Laptop PC Peer-to-Peer Network
Unix-System Windows NT Network
Windows NT PC Novell Netware 3.x
Windows 95 PC Novell Netware 4.x
Stand-alone IT systems Heterogeneous Networks
  Network and System Management
   
Data Transmission Systems Telecommunications
Exchange of Data Media Telecommunications System (PBX)
Modem Fax Machine
Firewall Answering Machine
E-Mail LAN integration of an IT system via ISDN
WWW server Fax server
Remote Access Mobile Telephones
   
Other IT Components  
Standard software  
Databases  
Telecommuting  
   
Safeguards Catalogues Threats Catalogues
S 1 Infrastructure T 1 Force majeure
S 2 Organisation T 2 Organisational Shortcomings
S 3 Personnel T 3 Human Failure
S 4 Hardware/Software T 4 Technical Failure
S 5 Communications T 5 Deliberate acts
S 6 Contingency planning  
   
Contact: itbpm@bsi.de  

© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update: October 2000