IT-Grundschutz Catalogues 2005 (English edition)

Federal Office for Information Security, The President
IT-Grundschutz Catalogues: Version 2005

Foreword
The new and revised version of the IT-Grundschutz Manual is the result of complete restructuring and a new international orientation.
What can you expect? The answer is - a great deal! With the new ISO 27001 standard it is now also possible to certify information security management systems. In response to this international standard, the BSI has revised the IT-Grundschutz Methodology, the certification scheme and the IT-Grundschutz Catalogues to ensure that the IT-Grundschutz Certificate meets all its requirements. Overall risk management is also more closely focused on. Information security is therefore implemented on the basis of business processes.
Although a number of new features have been included, the track-proven elements remain unchanged: standard security safeguards and instructions on the implementation of IT-Grundschutz in an organisation are still included. Individual modules assist in improving the security level of IT environments and simplifying the elaboration of IT security concepts. The safeguards are based on protection requirements, which are adequate for most IT application environments. They are based on the IT-Grundschutz Methodology, which is now available in a separate document. A number of additional resources such as the GSTOOL round out the IT-Grundschutz Methodology and the IT-Grundschutz Catalogues.
With this revised version of the IT-Grundschutz Catalogues the BSI has succeeded in making yet another important contribution to improving the security standards of IT applications. As a result, involved analyses are no longer necessary to determine security deficits and define appropriate safeguards, but only a comparison of the actual and target conditions. The IT-Grundschutz Catalogues will also continue to be updated annually to keep pace with the speed of development in the IT sector in the future. I would like to thank you for the many suggestions for improvement - both those you have already submitted and those you will contribute in the future!
Bonn, November 2005
Dr. Udo Helmbrecht, President of the Federal Office for Information Security (BSI)
 
Acknowledgments
The IT-Grundschutz Catalogues will be developed further to meet the requirements expressed by registered users during the annual assessment. Thanks are due to the following persons who assisted in the further development of IT-Grundschutz and gave their committed support to continuation of the 7th Supplement to the IT-Grundschutz Catalogues:
- Overall co-ordination: Ms Isabel Münch, BSI
- Editorial work and hotline: Ms Elke Cäsar, BSI; Ms Gabriele Scheer-Gumm, BSI; Ms Petra Simons-Felwor, BSI
- Module B 1.13 IT Security Awareness and Training: Ms Isabel Münch, BSI; Dr Lydia Tsintsifa, BSI
- Module B 3.209 Windows XP client: Mr Albert Vetter, Eurosec; Mr Thomas Caspers, BSI; Dr Lydia Tsintsifa, BSI
- Module B 2.10 Mobile Workstation: Ms Isabel Münch, BSI; Mr Frank Weber, BSI
- Module B 2.11 Meeting, Event and Training Rooms: Ms Isabel Münch, BSI; Mr Frank Weber, BSI
- Revision of module B 1.0 IT Security Management: Ms Isabel Münch, BSI; Ms Angelika Jaschob, BSI; Dr Harald Niggemann, BSI; Dr Lydia Tsintsifa, BSI; Ms Steffi Botzelmann, BSI
- Revision of module B 1.1 Organisation: Ms Gabriele Scheer-Gumm, BSI
- Revision of module B 1.2 Personnel: Ms Gabriele Scheer-Gumm, BSI
- Revision of module B 3.101 General Server: Mr Thomas Häberlen, BSI; Mr Holger Schildt, BSI; Dr Lydia Tsintsifa, BSI
- Revision of module B 3.201 General Client: Mr Thomas Häberlen, BSI; Mr Holger Schildt, BSI; Dr Lydia Tsintsifa, BSI
- Revision of module B 3.203 Laptop Computer: Mr Gerhard Weck, INFODAS; Ms Isabel Münch, BSI
- Quality assurance: Mr Gerhard Weck, INFODAS; Mr Marcel Birkner, BSI
 
Many thanks are also due to those who have contributed to improving IT-Grundschutz and the IT-Grundschutz Catalogues with their constructive criticism and practical suggestions for improvement.
The persons and organisations listed below were involved in updating and the further development of previous versions of the IT-Grundschutz Manual. Their contributions are hereby also acknowledged with thanks:
- Atos Origin: Mr Herbert Blaauw, Mr Matthias Mönter, Mr Götz, Mr Jaster, Mr Pohl
- ConSecur GmbH: Mr Nedon, Mr Eckardt
- Daimler-Benz AG: Mr Heinle, Mr Schlette
- European Commission, Information Society Directorate-General: Mr Achim Klabunde
- EUROSEC GmbH: Mr Fünfrocken, Dr Zieschang
- The Protestant Church of Westphalia, The State Church Administrative Office: Mr Huget
- Flughafen Düsseldorf GmbH: Mr Andreas Peters
- GUIDE SHARE EUROPE "Data Protection and Data Security" Study Group
- Henkel KGaA: Mr Rhefus
- INFODAS: Dr Weck
- Mink Consulting Engineers
- Ministry of the Interior of the state of Schleswig-Holstein: Mr Kuhr
- State Commissioner for Data Protection in Saarland: Mr Simon
- Novell
- Oracle
- Röhm GmbH chemical factory, Data Protection Officer: Mr Güldemeister
- T-Systems International GmbH: Mr Stephan Hüttinger, Mr Torsten Kullich, Mr Klaus Müller, Mr Stefan Morkovsky, Mr Axel Nennker
- GH University of Essen, Faculty of Information Management: Professor Dr Vossbein
- University Hospital of Dresden Technical University, Orthopaedics Clinic: Mr Frank Heyne
- Verband der Chemischen Industrie e. V.
- VZM GmbH: Mr Bruno Hecht, Mr Werner Metterhausen, Mr Rainer von zur Mühlen
- Central Data Processing Centre for Saarland: Mr Miller
The following authors have written modules for the IT-Grundschutz Catalogues, thereby contributing their expertise to its compilation. They deserve special thanks, as the creation and development of the IT-Grundschutz Catalogues was only possible with their commitment.
- Federal Ministry of the Interior: Mr Jörg-Udo Aden, Mr André Reisen, Mr Manfred Kramer
- Ministry for Education, Science and Further Education: Mr Frank Stefan Stumm
 
0 General information
- Foreword by the President
- Acknowledgments
- Contents
- What's new in the 2005 version of the IT-Grundschutz Catalogues
1 IT-Grundschutz - the basis for IT security
- 1.1 Why is IT security important?
- 1.2 IT-Grundschutz: Aims, concept and design
- 1.3 Structure of the IT-Grundschutz Catalogues
- 1.4 Using the IT-Grundschutz Catalogues
2 Layer model and modelling
- 2.1 Modelling in accordance with IT-Grundschutz
- 2.2 Assignment on the basis of a layer model
3 Roles
4 Glossary
Module catalogues
Layer 1 Generic aspects
Layer 2 Infrastructure
- B 2.1 Buildings
- B 2.2 Cabling
- B 2.3 Office
- B 2.4 Server room
- B 2.5 Data media archives
- B 2.6 Room for technical infrastructure
- B 2.7 Protective cabinets
- B 2.8 Working place at home
- B 2.9 Computer centre
- B 2.10 Mobile working place
- B 2.11 Meeting, event and training rooms
Layer 3 IT systems
- B 3.101 General server
- B 3.102 Unix server
- B 3.103 Windows NT server
- B 3.104 Novell Netware 3.x server
- B 3.105 Novell Netware version 4.x server
- B 3.106 Windows 2000 server
- B 3.107 S/390 and zSeries mainframes
- B 3.201 General client
- B 3.202 General standalone IT system
- B 3.203 Laptop computer
- B 3.204 Unix client
- B 3.205 Windows NT client
- B 3.206 Windows 95 client
- B 3.207 Windows 2000 client
- B 3.208 Internet PC
- B 3.209 Windows XP client
- B 3.301 Security gateway (Firewall)
- B 3.302 Routers and switches
- B 3.401 PBX (private branch exchange)
- B 3.402 Fax machine
- B 3.403 Answering machine
- B 3.404 Mobile phone
- B 3.405 PDA
Layer 4 Networks
Layer 5 IT applications
- B 5.1 Peer-to-peer services
- B 5.2 Exchange of data media
- B 5.3 E-mail
- B 5.4 Web server
- B 5.5 Lotus Notes
- B 5.6 Fax server
- B 5.7 Databases
- B 5.8 Telecommuting
- B 5.9 Novell eDirectory
- B 5.10 Internet information server
- B 5.11 Apache Web server
- B 5.12 Exchange 2000 / Outlook 2000
Threat catalogues
- G 1 Force majeure
- G 2 Organisational shortcomings
- G 3 Human error
- G 4 Technical failure
- G 5 Deliberate acts
Safeguard Catalogues
What’s new in the 2005 version of the IT-Grundschutz Catalogues
Restructuring of the IT-Grundschutz Manual
In this issue of the IT-Grundschutz Manual various sections have been restructured. The most obvious difference is that the description of the IT-Grundschutz Methodology and the IT-Grundschutz Catalogues have been separated. In addition, a large number of minor and major modifications have been made in response to users at home and abroad. Numerous individual threats and safeguards have, for example, been updated to reflect new technical developments, new threat scenarios and new developments in IT security.
The numbering of existing threats and safeguards has been retained so that a security policy prepared on the basis of the IT-Grundschutz Catalogues does not require revision.
International development
The international standards organisation ISO has not only revised the standards ISO 13335 and ISO 17799; it is now also possible to certify IT security management systems. For this purpose the standard ISO 27001 was adopted as the basis for certification.
In 2002 the BSI established the certification of business processes and IT assets on the basis of IT-Grundschutz. All IT-Grundschutz users should still be given the option of having thorough implementation of IT-Grundschutz confirmed with an IT-Grundschutz certificate. However, to ensure that the IT-Grundschutz certificate also meets the requirements of the international standard ISO 27001, the IT-Grundschutz Methodology, the certification scheme and the IT-Grundschutz Catalogues have been modified accordingly.
IT-Grundschutz certification (now: ISO 27001 certification on the basis of IT-Grundschutz) encompasses both an inspection of IT security management and an inspection of the concrete IT security safeguards implemented on the basis of IT-Grundschutz. It includes certification to ISO 27001, but is more informative than a purely ISO-based certification because additional technical aspects are inspected. Licensing of IT-Grundschutz auditors has also been amended, and auditors licensed by the BSI meet all ISO requirements for auditors of an information security management system.
BSI standards
The BSI has started establishing a series of documents with standards relating to various areas of information security. These include the following BSI standards:
BSI-Standard 100-1: Information Security Management Systems
BSI-Standard 100-2: IT-Grundschutz Methodology
BSI-Standard 100-3: Risk Analysis Based on IT-Grundschutz
In addition the document "Certification conforming to ISO 27001 based on IT-Grundschutz" describes the examination and licensing scheme for auditors.
Module B 1.0 IT security management of the IT-Grundschutz Catalogues has also been amended to ensure improved compatibility with other international standards.
New structure of the IT-Grundschutz Catalogues
 
In addition the Grundschutz modules have been adapted to the layer model of IT-Grundschutz, and the module descriptions have been updated and co-ordinated to ensure a uniform structure.
The IT-Grundschutz modules are based on a layer model which serves to
- facilitate mapping of modules of the IT-Grundschutz Catalogues on complex IT assets, grouped according to specific topics and
- avoid redundancies by dealing with generic aspects and joint infrastructural questions separately from the IT systems.
The various layers have been defined such that responsibilities for the aspects under consideration are also grouped. Layer 1 is concerned with fundamental issues relating to the use of IT, layer 2 with site technical services, layer 3 with matters concerning administrators and IT users, layer 4 with matters concerning the network and system administrators, and finally layer 5 with matters concerning those responsible for the IT applications or their operation.
Breaking down the security aspects into layers facilitates updating and extension of individual subject areas within the ensuing IT security concepts without having any significant effect on other layers.
Each module is assigned to a layer. This assignment is now reflected in the structure of the IT- Grundschutz Catalogues.
In each module an overview in the form of a "life cycle" is given for the respective topic before the list of the specified safeguards. This describes which safeguards are to be executed in which processing phase. Planning and design, procurement (when appropriate), implementation, operation, decommissioning and disposal (if required) and also contingency planning are defined as life cycle phases.
 
1.1 Why is IT security important?
In the modern world hardly any company or public agency is able to exist without a functioning information technology system (IT). These IT systems must also be run securely. The IT-Grundschutz Catalogues are a recognised standard reference work containing recommendations for secure handling of information and IT in a wide range of IT environments.
Today almost all business processes and specialist assignments are electronically controlled. Large quantities of information are digitally saved, electronically processed and communicated in both local and global networks as well as in private and public ones. By now it is almost impossible to handle many tasks or projects in either the private or the public sector without IT, or at best they can only be dealt with to a limited degree. Consequently, many public or private sector organisations are totally dependent on the correct functioning of their IT assets. The respective objectives of the public agency or company can only be achieved if the IT systems are used correctly and securely.
As organisations become more dependent on IT, the potential social damage which could be caused by the failure of IT resources increases. As IT resources themselves are not without their vulnerabilities, there is a justifiably great interest in protecting the data and information processed by IT assets, and also in planning, implementing and monitoring the security of these assets.
The potential damage which could result from malfunction or failure of IT assets can be assigned to several categories. The most obvious of these is loss of availability. If an IT system is down, it is not possible to transfer money, online orders are impossible and production processes grind to a halt. Another issue which is frequently discussed is the loss of confidentiality of data. All citizens are aware of the necessity of maintaining the confidentiality of personal data, and every company knows that confidential data concerning sales, marketing, research and development would be of interest to competitors. The loss of integrity (the corruption or falsification of data) is another issue which can have major consequences. Forged or corrupt data result in incorrect accounting entries, production processes stop if the wrong or faulty materials are delivered, while errors in development and planning data lead to faulty products. For some years the loss of authenticity has also been gaining in importance as an element of integrity: data are assigned to the wrong person. For example, payment instructions or orders could be processed such that they are charged to a third party, digital declarations of intent that have not been properly protected could be attributed to the wrong persons, and "digital identities" could be falsified.
This dependency on IT will continue to increase in the future. Developments worthy of particular mention include the following:
- Increasing degree of networking: IT systems today no longer function in isolation but are becoming increasingly networked. Networking makes it possible to access shared data resources and to work closely with people in other parts of the world. This leads to a great degree of dependence not only on the individual IT systems but also on the data networks. On the other hand, it means that security deficiencies in an IT system can rapidly have global effects.
 
There are now, for example, jackets with integrated PDAs, RFIDs for controlling flows of pedestrians or goods, and IT-supported sensor systems in cars which enable automatic reaction to changes in surroundings. Communication of the various IT components among one another is now increasingly wireless.
- Disappearance of network borders: Until recently it was possible to draw clear borders between the IT systems and the communication routes between them. It was also possible to ascertain at which sites and in which organisation these were located. As a result of globalisation and the growing use of wireless and spontaneous communication, these borders are increasingly disappearing.
- Attacks occur more rapidly: The best protection against computer viruses, worms or other attacks on IT systems is timely information on security gaps and how to close them, for example with patches and updates. However, the period of time which elapses between the detection of a security gap and the first selective mass attacks is decreasing, and it is therefore increasingly important to have a well-established IT security management and warning system.
In view of the potential threats outlined above and the increasing dependence on IT resources, every organisation, whether a company or a public agency, must ask itself several key questions regarding IT security:
- How secure are the IT assets of the organisation?
- Which IT security safeguards are necessary?
- How do these safeguards need to be implemented specifically?
- How can an organisation maintain and/or improve the level of security it has attained?
- How secure are the IT assets of other organisations with which the organisation co-operates?
When seeking answers to these questions, it should be noted that IT security is not simply a technical issue. Protection of an IT system to the level of security that is needed requires not only the implementation of technical safeguards, but also safeguards covering organisational, personnel and building infrastructural aspects. It is also especially important to establish an IT security management system which will be responsible for designing, co-ordinating and monitoring the IT security-related tasks.
If the IT assets of all organisations are compared on the basis of these questions, a special group of IT assets emerges. The IT systems in this group can be characterised as follows:
- They are typical IT systems, i.e. these systems are not individual solutions, but are in widespread use.
- The protection requirements of the IT systems with regard to confidentiality, integrity and availability are within a normal scope.
- The secure operation of the IT systems requires standard security safeguards from the fields of infrastructure, organisation, personnel, technology and contingency planning.
If it were possible to identify a common set of security measures for this group of "typical" IT systems - a set of standard security safeguards - then this would significantly facilitate finding answers to the above questions for such "typical" IT systems. IT systems which are outside this group, possibly
 
The IT-Grundschutz Catalogues describe these standard security safeguards in detail, and in principle all IT systems should comply with them. The Catalogues include the following:
- Standard security safeguards for typical IT systems with "normal" protection requirements,
- A description of the threat scenario which is globally assumed,
- Detailed descriptions of safeguards to assist with their implementation,
- A description of the process involved in attaining and maintaining an appropriate level of IT security and
- A simple methodology for ascertaining the level of IT security attained by comparing the target with the actual system status.
The response to the IT-Grundschutz Catalogues has been very positive. On the BSI website there is an extract from the list of organisations which employ IT-Grundschutz. This list provides a summary of the industries, companies and public agencies in which IT-Grundschutz is applied.
 
1.2 IT-Grundschutz: Objective, concept and design
Standardised security safeguards for typical IT systems are recommended in the IT-Grundschutz Catalogues. The objective of these IT-Grundschutz recommendations is to achieve a security level for IT systems which is reasonable and adequate to satisfy normal protection requirements and which can also serve as the basis for IT systems and applications requiring a high degree of protection. This is achieved by means of appropriate application of standard organisational, personnel, infrastructural and technical security safeguards.
To facilitate the preparation and structuring of the very heterogeneous aspects of IT including system environments, IT-Grundschutz follows a modular principle. The individual modules reflect typical areas of IT use, such as client-server networks, buildings, communication and application components. Each module begins with a description of the typical threats which may be expected in the given area together with their assumed probability of occurrence. This "threat scenario" provides the basis for generating a specific package of measures from the areas of infrastructure, personnel, organisation, hardware, software, communications and contingency planning.
The IT-Grundschutz Methodology is helpful for drawing up IT security concepts simply and with minimum work input. With the traditional risk analysis approach, the threats are initially identified and their likelihood of occurrence is assessed, and the results of this analysis are then used to select the appropriate IT security safeguards, following which the residual risk can be assessed. When risk assessment is performed in accordance with IT-Grundschutz, only a target/actual comparison is performed between the recommended safeguards and those already implemented. This comparison reveals any missing safeguards or those which have not yet been implemented, thereby pinpointing security shortcomings which need to be remedied by implementation of the recommended safeguards. An additional security analysis is only necessary in the case of significantly higher security requirements. Even then it is generally sufficient to supplement the recommended safeguards in the IT-Grundschutz Catalogues with the relevant individual, higher-quality safeguards. A simple procedure for this purpose is described in the BSI document entitled "Risk Analysis Based on IT-Grundschutz".
Even if there are special components or application environments that are not adequately discussed in the IT-Grundschutz Catalogues, they are still a valuable working aid. The required supplementary security analysis can concentrate on the specific threats and security safeguards for these components or framework conditions.
The safeguards listed in the IT-Grundschutz Catalogues are standard safeguards, i.e. safeguards that are to be implemented for each module according to the state of the art in order to achieve an adequate basic level of security. In this context the safeguards required for IT-Grundschutz certification represent the minimum reasonable safety precautions which are necessary in all cases. The safeguards marked as "additional" have also proved their worth in practice, but are aimed at applications with higher protection requirements.
Security concepts based on IT-Grundschutz can be of compact design, as it is only necessary to refer to the corresponding safeguards in the IT-Grundschutz Catalogues in the concept.
 
To facilitate implementation of the safeguards, the IT-Grundschutz Catalogues and most information on IT-Grundschutz are also available in digital form. In addition, implementation of the safeguards is also supported by additional resources and sample solutions provided in part by the BSI and in part by users of IT-Grundschutz.
As information technology is a highly innovative field and constantly subject to further development, the present Catalogues are designed for simple updating and supplementation. The BSI continuously updates and supplements the IT-Grundschutz Catalogues to include new topics on the basis of user surveys.
 
1.3 Structure of the IT-Grundschutz Catalogues
The IT-Grundschutz Catalogues can be divided into various fields which are described below for better comprehension:
Introduction and methodology
This introductory section briefly describes the design of IT-Grundschutz and the methodology for the creation of security concepts on the basis of IT-Grundschutz. A detailed description of the IT-Grundschutz Methodology is given in BSI Standard 100-2. In addition, the structure of the IT-Grundschutz Catalogues and their use is explained.
IT security management
The planning and guidance work required to create a well-designed and scheduled IT security process and ensure its continuous implementation is referred to as IT security management.
Experience has shown that without a well-functioning IT management system it is practically impossible to achieve a consistent and adequate IT security level. For this reason the BSI standard 100-1 "Information Security Management Systems (ISMS)" describes how such a management system should be created.
Using this as a basis, module B 1.0 of the IT-Grundschutz Catalogues also describes the structure of an efficient IT security management system and which organisational structures are appropriate. In addition, a systematic path is shown for setting up a functional IT security management system and how this can be developed further in ongoing operations.
Modules
The modules of the IT-Grundschutz Catalogues each contain a brief description of the reviewed components, the methodology and IT systems as well as an overview of threat scenarios and the recommended safeguards. The modules are grouped in the following catalogues in accordance with the IT-Grundschutz layer model:
- B 1: Generic aspects of IT
- B 2: Security of the infrastructure
- B 3: Security of the IT systems
- B 4: Security in the network
- B 5: Security of applications
Threat catalogues
This section contains detailed descriptions of the threats included in the threat scenarios for the individual modules. The threats are grouped into five catalogues:
- T 1: Force majeure
- T 2: Organisational shortcomings
- T 3: Human error
- T 4: Technical failure
- T 5: Deliberate acts
Safeguard Catalogues
This section describes the IT security safeguards quoted in the modules of the IT-Grundschutz Catalogues in detail. The safeguards are grouped into six catalogues:
- S 1: Infrastructure
- S 2: Organisation
- S 3: Personnel
- S 4: Hardware and software
- S 5: Communication
- S 6: Contingency planning
Module structure
The modules, which all have the same structure in principle, are the most important part of the IT-Grundschutz Catalogues. Each module starts with a brief description of the components, the methodology and the IT system under review.
The threat scenarios are then described. The threats are divided into the previously mentioned categories of force majeure, organisational shortcomings, human error, technical failure and deliberate acts.
In order to ensure clear structuring of the modules and to prevent redundancies, the threat texts are only referenced. An example is provided of how a threat would be cited within a module:
- T 4.1 Disruption of power supply
In the code T x.y, the letter "T" stands for "threat". The number x before the decimal point refers to the Threats Catalogue (in this case T 4 = Technical failure), and the number y after the decimal point is the serial number of the threat within the respective catalogue. This is followed by the name of the threat. Users are advised to read the text of the referenced threat for reasons of comprehension and familiarisation with the safeguards, but this is not absolutely essential for drawing up an IT security concept on the basis of IT-Grundschutz.
The recommended safeguards, which are listed after the section on the threat scenario, constitute the major part of a given module. Brief information on the respective safeguard package is first provided. These statements contain, for example, information on the recommended sequence for implementation of the necessary safeguards.
An overview is given in each module for the reviewed topic before the safeguard list in the form of a "life cycle", describing which safeguards should be implemented during which phase to which
 
Planning and design:
- Definition of the intended purpose
- Stipulation of application scenarios
- Assessment of potential risks
- Documentation of the application decision
- Compilation of the IT security concept
- Determination of guidelines for use
Procurement (if necessary):
- Stipulation of the demands on the procured products (if possible on the basis of the scenarios for use during the strategy phase)
- Selection of suitable products
Implementation:
- Design and implementation of test operation
- Installation and configuration according to the security guideline
- Training and awareness raising of all personnel involved
Operation:
- Security safeguards for ongoing operation (e.g. logging)
- Continuous maintenance and further development
- Change management
- Organisation and execution of maintenance work
- Audit
Disposal (if necessary):
- Withdrawal of authorisation
- Removal of data and reference to these data
- Safe disposal of data media
Contingency planning:
- Design and organisation of data backups
- Use of redundancy to increase availability
- Appropriate handling of security incidents
- Compilation of a contingency plan
Safeguards are not given for all phases of all modules. There is, for example, no safeguard given in the  procurement phase of the IIS-server module, as this module is based on the implementation of the Web server module, and in this case the selection of a product has already been decided on.
As all business processes, IT systems and conditions for use are subject to constant change and further  development, experience has shown that the phases must be run through repeatedly. This must be ensured by IT security management.
In a manner analogous to that used for the threats, the safeguards are grouped according to the headings in the Safeguards Catalogues, i.e. under the headings Infrastructure, Organisation, Personnel, Hardware & Software, Communication and Contingency Planning. The same procedure is followed as for handling threats, i.e. in each case only a reference is provided to the relevant safeguard. An example is provided below showing how a recommended safeguard would be cited within a module:
- S 1.15 (A) Closed windows and doors
 
With the letter in brackets - here (A) - each safeguard is assigned a classification indicating whether it is required for Grundschutz Qualification. The following classifications are provided:
- A (Entry): These safeguards must be implemented for all three types of qualification in accordance with IT-Grundschutz (self-declaration entry level, self-declaration continuation level and IT-Grundschutz Certificate). They are essential for security in the respective module and should be implemented with top priority.
- B (Continuation level): These safeguards must be implemented for the self-declaration continuation level and for the IT-Grundschutz Certificate. They are particularly important for establishing IT security which can be monitored and should be implemented speedily.
- C (Certificate): These safeguards must be implemented for the IT-Grundschutz Certificate. They are important for rounding off IT security. If bottlenecks prevent immediate implementation, they can be deferred until later.
- Z (Additional): Implementation of these safeguards is not mandatory either for a self-declaration or for the IT-Grundschutz Certificate. They are supplements which can be required, especially in the case of high security requirements.
In order to be able to draw up an IT security concept on the basis of the IT-Grundschutz Safeguards Catalogues and perform the required target/actual comparison, it is necessary to read carefully the texts of the safeguards which the modules reference in the relevant Safeguards Catalogue. An example is given below with an excerpt from one of the safeguards:
S 2.11 Provisions governing the use of passwords
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT Security Management, Users
[Text of the safeguard...]
Additional questions:
[...]
The safeguard texts must be implemented in the intended sense. They are written in a manner such that they can be applied to as many fields as possible. Before the safeguard recommendations are implemented, it must always be considered whether they have to be adapted to the respective organisation or IT environment. All changes should be documented so that the reasons are comprehensible at a later date.
In addition to the actual recommendation as to how the various safeguards should be implemented, the persons who should bear responsibility are named as examples. Initiation responsibility refers to the persons or roles who should typically initiate the implementation of a safeguard. Implementation responsibility refers to the persons or roles who should implement the safeguard.
 
The link between the threats assumed for IT-Grundschutz and the recommended safeguards is shown in the Safeguard-Threat Tables. These are shown on the Grundschutz pages of the BSI Website. There is a Safeguard-Threat Table for each module.
Here is an example from the Safeguard-Threat Table for module B 2.10 Mobile workplace:
           Priority/Seal   T 1.15
S 1.45     1  A            X  X  X  X  X
S 1.46     1  Z            X
S 1.61     1  A            X  X  X  X  X
All tables have the same structure. The column headings show the threats listed in the corresponding modules together with their numbers. The column on the far left shows the numbers of the safeguards. Column 2 shows the priority assigned to a given safeguard in the respective module. Column 3 shows the classification of the individual safeguard for the respective module with regard to Grundschutz Qualification.
The other columns show the relationship between safeguards and threats. An "X" in a cell means that the corresponding safeguard is effective against the relevant threat. The effect of the safeguard may be either of a preventative nature or aimed at mitigating the loss or damage.
It must be taken into consideration that only the most important threats against which a specific safeguard is effective are listed in the Safeguard-Threat Tables. This means in particular that a safeguard is not automatically superfluous if all threats assigned in the table are not relevant for a certain application. It must always be decided and documented separately for each individual case whether a standard security safeguard is not necessary on the basis of the overall security design and not only on the basis of the Safeguard-Threat Table.
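The following is an added example and not part of the IT-Grundschutz Catalogues. It shows how the citation form "S x.y (Seal) Title", the seal classifications A, B, C and Z and a Safeguard-Threat Table can be evaluated mechanically, including the caveat above: a safeguard none of whose listed threats is relevant is reported as a candidate for a separate, documented decision, not dropped. The table rows are constructed for illustration; the safeguard identifiers S 1.45, S 1.46, S 1.61 and S 2.11 and the threats T 1.15 and T 4.1 appear in the text, while the seals, priorities and the other threat column headings (T 2.1, T 5.1, T 3.9) are placeholders and do not reproduce the published B 2.10 table.

```python
"""Added example (not from the IT-Grundschutz Catalogues): safeguard citations,
qualification seals and a Safeguard-Threat Table as data. Seal semantics follow
the text: A is mandatory for all three qualification types, B for continuation
level and certificate, C for the certificate only, Z is never mandatory."""
import re
from dataclasses import dataclass, field

SEAL_REQUIRED_FOR = {
    "A": {"entry", "continuation", "certificate"},
    "B": {"continuation", "certificate"},
    "C": {"certificate"},
    "Z": set(),
}
QUALIFICATIONS = {"entry", "continuation", "certificate"}

# "S 1.15 (A) Closed windows and doors": catalogue, serial number, seal, title
CITATION = re.compile(r"^S (\d+)\.(\d+) \(([ABCZ])\) (.+)$")


@dataclass
class Safeguard:
    ident: str
    seal: str
    title: str
    priority: int = 1
    threats: set = field(default_factory=set)  # threat columns marked "X" in the table row


def parse_citation(text, priority=1, threats=()):
    """Parse one safeguard citation as it is written inside a module."""
    m = CITATION.match(text.strip())
    if not m:
        raise ValueError(f"not a safeguard citation: {text!r}")
    catalogue, number, seal, title = m.groups()
    return Safeguard(f"S {catalogue}.{number}", seal, title.strip(), priority, set(threats))


# Constructed table rows: seals, priorities and the threat headings other than
# T 1.15 / T 4.1 are placeholders, not the published table for module B 2.10.
SAMPLE_TABLE = [
    parse_citation("S 1.45 (A) [title omitted]", 1, {"T 1.15", "T 2.1", "T 5.1"}),
    parse_citation("S 1.46 (Z) [title omitted]", 1, {"T 5.1"}),
    parse_citation("S 1.61 (A) [title omitted]", 1, {"T 1.15", "T 2.1"}),
    parse_citation("S 2.11 (B) Provisions governing the use of passwords", 2, {"T 5.1"}),
    parse_citation("S 6.1 (C) [title omitted]", 3, {"T 4.1"}),
]


def mandatory_for(table, qualification):
    """Safeguards that must be implemented for a qualification type, in the
    recommended implementation order: priority first, then A before B before C."""
    if qualification not in QUALIFICATIONS:
        raise ValueError(f"unknown qualification type: {qualification!r}")
    chosen = [s for s in table if qualification in SEAL_REQUIRED_FOR[s.seal]]
    return [s.ident for s in sorted(chosen, key=lambda s: (s.priority, s.seal, s.ident))]


def effective_against(table, threat):
    """All safeguards with an 'X' in the column of the given threat."""
    return [s.ident for s in table if threat in s.threats]


def uncovered_threats(table, threats):
    """Threats of the module against which no listed safeguard is marked effective."""
    covered = set().union(*(s.threats for s in table))
    return sorted(t for t in threats if t not in covered)


def review_candidates(table, relevant_threats):
    """Safeguards whose listed threats are all irrelevant for the case at hand.
    Because the table lists only the most important threats, these are
    candidates for an individually documented decision, never automatic drops."""
    relevant = set(relevant_threats)
    return [s.ident for s in table if not (s.threats & relevant)]
```

For an entry-level self-declaration only the A-sealed rows are mandatory, while S 1.46 (Z) never is; the review_candidates result is the list that still has to be argued and documented against the overall security design before any of its entries is marked "Unnecessary".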
 
1.4
Catalogues
An entire series of actions must be performed to enable successful establishment of a continuous and effective IT security process. The IT-Grundschutz Methodology and the IT-Grundschutz Catalogues provide information on the methods and practical implementation resources. They also contain possible solutions for different tasks relating to IT security, such as drawing up an IT security concept, security audits and certification. Appropriate use of the IT-Grundschutz Catalogues depends on the respective task at hand. This section is intended to facilitate familiarisation with the various procedures. To this purpose cross references are provided to the relevant chapters of the IT-Grundschutz Methodology.
IT security process and IT security management
In recent years both public and private sector organisations have become significantly more dependent on correctly functioning information technology systems. An increasing number of business processes are either being automated or interact with information technology systems. There is no sign of a change in this trend in the foreseeable future. IT security must therefore be viewed as an integral element of the primary task. The following action plan contains all the essential steps which are necessary for a continuous IT security process, and should therefore be viewed as a scheduled and effective method of achieving and maintaining a satisfactory level of IT security.
- Initiation of the IT security process:
  - Acceptance of responsibility by management
  - Designing and planning of the IT security process
  - Establishment of an IT security organisation
  - Provision of resources for IT security
- Elaboration of an IT security design
- Implementation of the IT security design:
  - Implementation of the IT security safeguards
  - Integration of all employees in the IT security process
- Maintaining IT security and continuous improvement
 
Diagram: Initiation of the IT security process
This is described in detail in the document IT-Grundschutz Methodology. In addition, an overview of the IT security process is given in module B 1.0 IT Security Management, and a detailed explanation of the individual actions is given in the form of recommended standard safeguards.
A series of steps is necessary to create an IT security design on the basis of IT-Grundschutz. A brief  overview is given below.
IT structure analysis
IT assets refers to all the infrastructural, organisational, personnel and technical components which assist in the performance of tasks in a particular area in which information processing is performed. IT assets can refer to all the IT assets in an organisation or to individual areas defined in terms of  organisational structures (e.g. departmental network) or shared business processes or IT applications (e.g. personnel information system).
To create an IT security concept and especially for use of IT-Grundschutz, it is necessary to analyse and document the structure of the existing IT assets. Given that IT systems today are commonly linked together in networks, the use of a network topology plan is recommended as the starting point for the analysis. The following aspects must be considered:
 
The individual steps in the IT structure analysis are described in detail in Section 4.1 of the IT- Grundschutz Methodology in the form of actions to be taken.
Assessment of protection requirements
The aim of the assessment of protection requirements is to ascertain which protection is adequate and reasonable for the information and the IT assets used. The potential damage which could occur as a result of loss of confidentiality, integrity or availability is examined for each application and the information processed. It is important to realistically assess potential consequential damage. Classification into three protection requirements categories - "normal", "high" and "very high" - has proven successful in the past. Explanations and practical information on assessment of protection requirements are dealt with in Chapter 4.2 of the IT-Grundschutz Methodology.
Modelling
During the next step, the modelling stage, the modules in the IT-Grundschutz Catalogues must then be mapped onto the various components which make up the IT assets.
Chapter 4.3 of the IT-Grundschutz Methodology describes how modelling of IT assets with modules from the IT-Grundschutz Catalogues should be performed. Detailed notes on the use of the layer  model and modelling in accordance with IT-Grundschutz are given in the "Modelling" chapter. Section 4.4 of the IT Grundschutz Methodology describes how the subsequent target/actual comparison is performed with a basic security check.
Basic security check 
The basic security check is an organisational instrument which provides a fast overview of the existing IT security level. Interviews are used to establish the status quo of an existing set of IT assets (modelled according to IT-Grundschutz) in relation to the extent to which the security safeguards contained in the IT-Grundschutz Catalogues have been implemented. The outcome of this check is an overview in which the implementation status of each of the relevant safeguards is classified as "Unnecessary", "Yes", "Partially" or "No". By identifying safeguards which have not yet been implemented or have only been partially implemented it is possible to determine where there is scope for improving the security of the IT assets concerned. Section 4.4 describes an action plan for performing a basic security check. This takes both the organisational aspects and also the technical requirements during project implementation into account.
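As an added example (not from the IT-Grundschutz Catalogues), the target/actual comparison of a basic security check can be expressed as a small function: the input is the set of safeguards selected by modelling, each with its seal and priority, together with the interview results, each an implementation status "Unnecessary", "Yes", "Partially" or "No" and, for "Unnecessary", the written reason. The output lists the deficits for the intended qualification type in priority order, the "Unnecessary" decisions that lack a documented reason, and safeguards that were not covered in the interviews. The sample rows are constructed; only the identifiers S 1.15 and S 2.11 and their titles come from the text, their seals and priorities are made up for the example.

```python
"""Added example (not from the IT-Grundschutz Catalogues): target/actual
comparison of a basic security check against a chosen qualification type."""
from collections import Counter

STATUSES = {"Unnecessary", "Yes", "Partially", "No"}
REQUIRED_SEALS = {           # seals that are mandatory per qualification type
    "entry": {"A"},
    "continuation": {"A", "B"},
    "certificate": {"A", "B", "C"},
}

# Constructed modelling result: identifier -> (seal, priority). Seals and
# priorities are placeholders chosen for the example.
MODELLED = {
    "S 1.15": ("A", 1),   # Closed windows and doors
    "S 2.11": ("A", 1),   # Provisions governing the use of passwords
    "S 2.1":  ("B", 2),
    "S 4.1":  ("C", 3),
    "S 6.1":  ("Z", 3),
}

# Constructed interview results: identifier -> (status, documented reason)
INTERVIEW = {
    "S 1.15": ("Yes", ""),
    "S 2.11": ("Partially", ""),
    "S 2.1":  ("Unnecessary", ""),   # no reason recorded: must be documented
    "S 4.1":  ("No", ""),
    "S 6.1":  ("Unnecessary", "no high availability requirement in this area"),
}


def target_actual_comparison(modelled, interview, qualification):
    """Compare interview findings with the safeguards mandatory for the
    qualification type; deficits come back in recommended implementation order."""
    required = {i for i, (seal, _) in modelled.items()
                if seal in REQUIRED_SEALS[qualification]}
    result = {"deficits": [], "undocumented": [], "unanswered": [], "implemented": []}
    for ident in sorted(required, key=lambda i: (modelled[i][1], i)):
        if ident not in interview:
            result["unanswered"].append(ident)
            continue
        status, reason = interview[ident]
        if status not in STATUSES:
            raise ValueError(f"{ident}: unknown status {status!r}")
        if status in ("No", "Partially"):
            result["deficits"].append((ident, status))
        elif status == "Unnecessary":
            # "Unnecessary" is a decision that has to be justified and documented
            if not reason.strip():
                result["undocumented"].append(ident)
        else:
            result["implemented"].append(ident)
    return result


def status_summary(interview):
    """Count of interview answers per implementation status."""
    return dict(Counter(status for status, _ in interview.values()))
```

Running the comparison for "entry", "continuation" and "certificate" in turn shows how the deficit list grows with the target qualification while S 6.1 (Z) never appears in it; S 2.1 is reported as undocumented only once B-sealed safeguards become mandatory.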
IT security audit
The security safeguards contained in the IT-Grundschutz Catalogues can also be used for carrying out an audit of IT security. To this purpose the same procedure as for the basic security check is recommended. Drawing up a customised checklist for each module using the safeguard texts is helpful and reduces the workload. This facilitates auditing and frequently improves the repeatability of results.
Additional IT safeguards
The standard IT-Grundschutz security safeguards normally provide appropriate, adequate protection. However, if the protection requirement is high or very high, it may be necessary to check whether more stringent IT security safeguards are needed, either in addition to or instead of the standard safeguards. Appropriate safeguards for areas that have higher protection requirements should be selected on the basis of additional security analyses.
One method for this is described in the BSI-Standard 100-3 "Risk analysis based on IT-Grundschutz".
Implementation of IT security concepts
 
with the implementation schedule. It is very important that all necessary safeguards are strictly implemented. Chapter 4.6 of the document on IT-Grundschutz Methodology describes the aspects which must be taken into account when planning the implementation of IT security safeguards.
IT-Grundschutz Certification
The IT-Grundschutz Methodology and the IT-Grundschutz Catalogues are not only used for the IT security design, but also frequently as a reference in terms of a security standard. By achieving IT- Grundschutz Certification an organisation can provide documentary evidence for internal and external use that it has implemented IT-Grundschutz to the depth required.
 
2.1 Modelling in accordance with IT-Grundschutz
During the implementation of IT-Grundschutz the reviewed IT assets must be mapped with the aid of the existing modules, i.e. the relevant security safeguards collated from the IT-Grundschutz Catalogues. The IT structure analysis and protection requirement assessment results are required to this purpose. On this basis an IT- Grundschutz model for the IT assets is compiled which comprises various modules, some of which are used more than once, and which includes a diagram of the modules and the security-related aspects of the IT assets.
It is irrelevant for the created IT-Grundschutz model whether the IT assets consist of IT systems which are already in use or whether the IT assets in question are still at the planning stage. The model can, however, be used in different ways.
- The IT-Grundschutz model of existing IT assets identifies the relevant standard security safeguards with the modules employed. It can be used in the form of a test plan for carrying out a target/actual comparison.
- In contrast the IT-Grundschutz model for a planned set of IT assets constitutes a development concept. Using the selected modules, it specifies which standard security safeguards must be implemented when the IT assets are taken into operation.
The diagram below shows the role of modelling and its possible outcomes:
Diagram: Result of IT-Grundschutz modelling
 
In order to depict IT assets, which are often complex, with the aid of IT-Grundschutz modules, it is advisable to view the IT security aspects grouped according to specific topics.
Diagram: Layers of the IT-Grundschutz model
The IT security aspects of IT assets are assigned to the individual layers as follows:
- Layer 1 covers the generic IT security aspects which apply equally to all or most of the IT assets. This applies in particular to generic concepts and the resulting regulations. Typical Layer 1 modules include "IT security management", "Organisation", "Data backup concept" and "Computer  virus protection concept".
- Layer 2 covers all the constructional, physical issues. Aspects of infrastructural security are combined in this layer. This affects, for example, the building, server room, protective cabinet, and home-based workstation modules.
- Layer 3 deals with the individual IT systems in the IT assets that have been grouped together as required. The IT security issues of clients, servers and standalone systems are dealt with here. This layer covers, for example, the PBX (private branch exchange), laptop computer and Windows 2000 client modules.
- Layer 4 examines the networking aspects which mainly concern the network connections and communication, and not specific IT systems. These include, for example, the heterogeneous networks, modem and remote access modules.
- Layer 5 then deals with the actual IT applications used by the IT assets. This layer can also include, for example, the modules for e-mail, web server, fax server and databases for modelling.
IT-Grundschutz modelling entails determining, for the modules of each layer, whether and how they can be used to map the IT assets. Depending on the respective module, the objects which are mapped in this way can vary: individual business processes or components, groups of components, buildings, properties, organisational units, etc.
The procedure for modelling a set of IT assets is described in detail below. Particular importance is attached in this case to any constraints which apply, when a given module should be used and to which target objects it should be applied.
 
2.2
model
When modelling a set of IT assets it is recommended that the modules be assigned in accordance with the layer  model. This is then followed by a check to ensure completeness.
Layer 1: Generic IT security aspects
In this layer all aspects of the IT assets which apply to each individual component are modelled. The primary elements under consideration here are concepts and regulations derived from these concepts. These aspects should be controlled uniformly for the entire set of IT assets, so that in most cases the relevant modules only have to be applied once to the entire set of IT assets. IT security management, organisation of IT operations, training and promotion of staff awareness are particularly important in this case. Implementation of the relevant safeguards is of fundamental importance for the secure use of information and communications technology. The relevant modules must therefore always be applied, irrespective of the technical components used.
- Module B 1.0  IT Security Management  should be applied once for all IT assets. Correctly functioning IT security management is an essential basis for achieving an appropriate level of  security. In the case of outsourcing special rules apply for the use of this module, which are described in detail in the BSI document "IT-Grundschutz Certification of outsourced components".
- Module B 1.1 Organisation must be applied at least once for each set of IT assets. If some of the IT assets under consideration are assigned to a different organisation or organisational unit and are therefore subject to different framework conditions, the module should be applied separately to each organisation or organisational unit. In the case of outsourcing special rules apply for the use of this module, which are described in detail in the BSI document "IT-Grundschutz certification of outsourced components".
- Module B 1.2 Personnel must be applied at least once for each set of IT assets. If some of the IT assets under consideration are assigned to a different organisation or organisational unit and are therefore subject to different framework conditions, the module should be applied separately to each organisation or organisational unit. In the case of outsourcing special rules apply for the use of this module, which are described in detail in the BSI document "IT-Grundschutz certification of outsourced components".
- Module B 1.3 Contingency Planning  must at least be used if any components have been identified during the protection requirements assessment as requiring high or very high protection regarding availability, or if relatively large IT systems and/or extensive networks are in use. Particular  attention should be given to these components when working through the module. In the case of  outsourcing special rules apply for the use of this module, which are described in detail in the BSI document "IT-Grundschutz certification of outsourced components".
- Module B 1.4 Data Backup Policy must be used once for the entire set of IT assets.
- Module B 1.6 Concept of computer virus protection must be applied once for the entire set of IT assets.
 
- Module B 1.8 Handling of security incidents should at least be used if any components have been identified in the protection requirements assessment as having high or very high protection requirements regarding one of the three fundamental values, or where failure of the entire set of IT assets would result in damage in the categories "high" or "very high". In the case of outsourcing special rules apply for the use of this module, which are described in detail in the BSI document "IT-Grundschutz certification of outsourced components".
- Module B 1.9 Hardware and Software Management must be applied at least once for each set of IT assets. If some of the IT assets under consideration are assigned to a different organisation or organisational unit and are therefore subject to different framework conditions, the module should be applied separately to each organisation or organisational unit. In the case of outsourcing special rules apply for the use of this module, which are described in detail in the BSI document "IT-Grundschutz certification of outsourced components".
- Module B 1.10 Standard software must be applied at least once for the entire set of IT assets. If  there are any sections of the IT assets which have different requirements or procedures with regard to the use of standard software, module B 1.10 should be applied to each of these sections separately.
- Module B 1.11 Outsourcing should be used at least when the following conditions all apply:
- IT systems, applications or business processes are outsourced to an external service provider  and
- A long-term contract has been made with the service provider and
- The IT security of the customer is influenced by the service and
- The service provider also regularly performs significant IT security management tasks within the framework of the contracted services.
If different components within the set of IT assets are outsourced to different service providers, the module must be applied once to each external service provider. When this module is used special rules apply which are described in detail in the BSI document "IT-Grundschutz certification of  outsourced components".
- Module B 1.12  Archiving  is to be used on the IT assets when internal or external regulations require long-term archiving of electronic documents, or there is already a system for long-term archiving of electronic documents.
- Module B 1.13 IT security awareness and training must be used once for the entire set of IT assets.
Layer 2: Security of the infrastructure
The constructional conditions relevant for the respective IT assets are modelled with the aid of the modules from layer 2 "Security of the infrastructure". This entails assignment of the relevant module from the IT-Grundschutz Catalogues to every building, room or protective cabinet (or group of these components).
- Module B 2.1 Building must be used once for every building or group of buildings.
 
- Module B 2.3 Office must be applied to all rooms or groups of rooms in which IT is used, for  which, however, none of the modules B 2.4, B 2.5, B 2.6, B 2.8, B 2.9, B 2.10 or B 2.11 are applied.
- Module B 2.4 Server Room must be applied to every room or group of rooms in which servers or  PBXs are in operation. Servers are IT systems which make services available on the network. If  module B 2.9 is used for a room, the additional use of module B 2.4 is not necessary.
- Module B 2.5 Data Media Archives must be applied to each room or group of rooms in which data media are stored or archived.
- Module B 2.6 Technical Infrastructure Room must be applied to every room or group of rooms in which technical devices requiring little or no human intervention are in operation (e.g. distribution cabinet or standby power supply system).
- Module B 2.7  Protective cabinets (room) must be applied to every protective cabinet or group of   protective cabinets once. Protective cabinets also can serve as an alternative to a dedicated server  room.
- Module B 2.8 Working place at home must be applied once to every home-based workstation at home or a group of the same (if corresponding groups have been defined).
- Module B 2.9 Computer Centres must be applied once to every computer centre. A computer  centre comprises the facilities and premises necessary to operate a large data processing system installed centrally for a number of offices. If module B 2.9 is used for a room, the additional use of  module B 2.4 is not necessary.
- Module B 2.10 Mobile Workplace must always be applied if employees frequently not only work  on the premises of the organisation, but also at other locations outside the organisation. Typical target objects for module B 2.10 are laptop computers.
- Module B 2.11  Meeting, event and training rooms must be applied once to each such room or  group of rooms (if corresponding groups have been defined).
Layer 3: Security of the IT systems
This layer covers security aspects which refer to the IT systems. For reasons of clarity this layer is divided into servers, clients, network components and miscellaneous.
The modules relating to the "Security of the IT systems" section may be applied either to individual IT systems or to groups of such IT systems as applicable for the section "Security of the infrastructure". This is not explicitly referred to separately in the following section.
Server
- Module B 3.101 General Server must be applied to every IT system which offers services (e.g. file or print services) as a server in the network.
- Module B 3.102 Servers under Unix must be applied to each server which runs with this operating system.
 
- Module B 3.106 Windows 2000 Server  must be applied to every server which runs with this operating system.
- Module B 3.107 S/390 and zSeries mainframes must be applied to every mainframe computer of  type S/390 or zSeries.
 Note: In addition to the module applicable for the respective operating system, module B 3.101 must also always be applied to each server (and mainframe computer), as this module includes the security aspects for servers which are not platform-dependent.
Clients
- Module B 3.201 General client must be applied to every client.
- Module B 3.202 General stand-alone IT systems must be applied to each stand-alone system.
- Module B 3.203 Laptops must be applied to all mobile computers (laptops).
- Module B 3.204 Unix client must be applied to every stand-alone computer or client which runs with this operating system.
- Module B 3.205 Windows NT client must be applied to every stand-alone computer or client which runs with this operating system.
- Module B 3.206 Windows 95 client must be applied to every stand-alone computer or client which runs with this operating system.
- Module B 3.207 Windows 2000 client  must be applied to every stand-alone computer or client which runs with this operating system.
- Module B 3.208  Internet PCs must be applied to every computer which is exclusively used for  accessing Internet services and is not connected to the internal network of the organisation. In this specific scenario there is no need to consider  any other modules of the IT-Grundschutz Catalogues for this computer (or group of computers).
- Module B 3.209 Windows XP Client must be applied to every standalone computer or client which runs with this operating system.
 Note: In addition to the specific module for each operating system, either module B 3.201 or B 3.202 must also be applied to every client, as these modules include all security aspects for clients which are not platform-dependent.
Network component
- Module B 3.301 Security gateway (firewall) must always be applied if networks with different levels of trustworthiness are linked. A typical application is the protection of an external link (for example at the interface of an internal network with the Internet, or links to networks of business partners). The module should also be applied when two internal organisation networks with differing protection requirements are linked, for example to separate the office communication network from the network of the development department if particularly confidential data are processed there.
- Module B 3.302 Routers and switches must be applied in any active network that is used in the IT assets.
Miscellaneous
- Module B 3.401 Telecommunications system must be applied to each telecommunications system or to each corresponding group.
 
- The module B 3.402 Fax Machine must be applied to every fax machine or to each corresponding group.
- The module B 3.403  Answering Machine must be applied to each answering machine or each corresponding group.
- The module B 3.404 Mobile Telephones should be applied at least once if the use of mobile phones is not principally forbidden in the organisation or organisational unit under review. If there are several different uses for mobile phones (for example several mobile phone pools), module B 3.404 must be applied separately to each.
- The module B 3.405  PDAs should be applied at least once if the use of PDAs is not principally forbidden in the organisation or organisational unit under review.
Layer 4: Security in the network 
This layer is concerned with security aspects in the network which do not apply exclusively to specific IT systems (e.g. servers). The focus here is on security aspects which relate to the network connections and the communication between the IT systems.
To simplify matters, it may be necessary to review sections within the overall network rather than the entire network at once. The necessary division of the overall network into sub-networks should be based on the two criteria below:
- The assessment of protection requirements has identified connections through which specific data should never be transported under any circumstances. These connections should be viewed as "interfaces" between sub-networks, i.e. the two endpoints of such a connection should be in different sub-networks. In contrast, connections which transport data with a high or very high protection requirement should not pass over any sub-network borders if possible. If this principle is followed, the protection requirements of the resulting sub-networks will be as uniform as possible.
- Components which are only inter-connected over a long-distance connection should not be assigned to the same sub-network, i.e. sub-networks should not extend over more than one location or property. This is recommended both for reasons of clarity and also to ensure efficient project implementation.
If these two criteria are not suitable for dividing the overall network (for example due to the fact that some of the resulting sub-networks are either too large or too small), the main network can alternatively be divided into sub-networks on the basis of organisational criteria. In such cases the areas of responsibility of the individual administrators or teams of administrators are regarded as sub- networks.
It is not possible to make concrete recommendations for the best method of dividing the overall network into sub-networks, as the requirements stated above could be incompatible with the existing IT assets. Therefore, each case should be regarded individually to decide which division of the overall network is most practicable with regard to the applicable modules of the IT-Grundschutz Catalogues.
- Module B 4.1 Heterogeneous Networks must generally be applied to each sub-network once. However, if the sub-networks are small and several sub-networks fall within the responsibility of the same team of administrators, it may be sufficient to apply module B 4.1 once to all of these sub-networks.
- Module B 4.2 Network and System Management must be applied to each network or system management system used on the IT assets under consideration.
- Module B 4.4 Remote Access Service must be applied once wherever remote access to the internal network is possible by a route other than over a dedicated leased line (e.g. telecommuting, linking of field staff via analogue dial-up lines, ISDN or mobile phone).
- Module B 4.5 LAN connection of an IT system via ISDN must be applied to all external connections which have been realized with ISDN.
Layer 5: Security of applications
The lowest layer of the modelled IT assets includes mapping of the applications. Modern applications are seldom restricted to an individual IT system. Core applications used across an entire organisation are generally implemented as client/server applications. In many cases servers themselves access other downstream servers, e.g. database systems. The security of the applications must therefore be considered independently of the IT systems and networks.
- Module B 5.1 Peer-to-peer services must be applied to each client offering peer-to-peer services (for example shared directories) in the network.
- Module B 5.2 Exchange of Data Media should be used once for every application which serves as a source of data for an exchange of data media or processes data received by this route.
- Module B 5.3 E-Mail must be applied to each e-mail system (internal or external) of the IT assets under consideration.
- Module B 5.4 Web server must be applied to each Web service (e.g. Intranet or Internet) of the examined IT assets.
- Module B 5.5 Lotus Notes must be applied once to each workgroup system based on Lotus Notes or to any corresponding group in the IT assets.
- Module B 5.6 Fax servers must be applied to every fax server or corresponding group.
- Module B 5.7 Databases should be applied once per database system or group of database systems.
- Module B 5.8 Telecommuting must also be applied to each IT system which is used for telecommuting.
- Module B 5.9 Novell eDirectory should be applied once to every directory service that is implemented with Novell eDirectory.
- Module B 5.10 Internet Information Server must be applied - in addition to module B 5.4 - to every Web service which is run with this product.
- Module B 5.11 Apache Webserver must be applied - in addition to module B 5.4 - to each Web service which is run with this product.
- Module B 5.12 Exchange 2000 / Outlook 2000 must be applied - in addition to module B 5.3 - to each workgroup or E-mail system which is based on Microsoft Exchange or Outlook.
Completeness check 
Finally, a check should be performed to ensure that the entire system has been seamlessly and completely modelled. It is recommended to use the network plan or a similar overview of the IT assets for this purpose and to check the individual components systematically. Each component should either be assigned to a group or modelled individually.
If the overall network has been divided into sub-networks in layer 4, it should be checked whether 
- Each sub-network has been fully mapped and
It is important that not only all hardware and software components are modelled from a technical perspective, but that the related organisational, personnel and infrastructural aspects are also fully covered.
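The two layer 4 division criteria and the completeness check above can be carried out mechanically over a network plan. The following is an added example and not part of the IT-Grundschutz Catalogues; all component names, connections and the protection-requirement values are constructed sample data.

```python
# Added example (not from the IT-Grundschutz Catalogues): partition a network plan
# into sub-networks by the two layer 4 criteria, flag high-protection connections
# that still cross a border, and run the completeness check. Sample data is constructed.
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

LEVELS = {"normal": 0, "high": 1, "very high": 2}   # protection requirement categories


@dataclass(frozen=True)
class Connection:
    a: str
    b: str
    protection: str              # protection requirement of the data transported
    forbidden: bool = False      # assessment found data that must never cross here
    long_distance: bool = False  # link between two locations or properties


def partition(components: Iterable[str], connections: List[Connection]) -> Dict[str, int]:
    """Union-find over the plan: a connection joins its endpoints into one sub-network
    unless it is an 'interface' (forbidden data flow) or a long-distance link;
    those endpoints stay in different sub-networks. Returns component -> sub-network id."""
    parent = {c: c for c in components}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving keeps lookups short
            x = parent[x]
        return x

    for conn in connections:
        if conn.forbidden or conn.long_distance:
            continue                         # criterion 1 and 2: do not merge across this link
        ra, rb = find(conn.a), find(conn.b)
        if ra != rb:
            parent[ra] = rb
    ids: Dict[str, int] = {}
    return {c: ids.setdefault(find(c), len(ids) + 1) for c in sorted(parent)}


def border_crossings(assign: Dict[str, int], connections: List[Connection],
                     minimum: str = "high") -> List[Connection]:
    """Connections carrying data of at least `minimum` protection requirement that
    nevertheless cross a sub-network border; the text says these should be avoided."""
    return [c for c in connections
            if LEVELS[c.protection] >= LEVELS[minimum] and assign[c.a] != assign[c.b]]


def completeness_check(network_plan: Set[str], individual: Set[str],
                       groups: Dict[str, Set[str]]) -> List[str]:
    """Every component of the network plan is either in a group or modelled
    individually, and not both."""
    grouped: Set[str] = set().union(*groups.values()) if groups else set()
    findings = [f"{c}: not modelled" for c in sorted(network_plan - individual - grouped)]
    findings += [f"{c}: modelled twice" for c in sorted(individual & grouped)]
    return findings


# Constructed sample: one site with an internal LAN and a DMZ, plus a branch office
# reached over a leased line. Component names are hypothetical.
SAMPLE_CONNECTIONS = [
    Connection("ws1", "srv-db", "high"),
    Connection("ws2", "srv-db", "high"),
    Connection("fw", "ws1", "normal"),
    Connection("fw", "srv-web", "normal", forbidden=True),   # internal data never enters the DMZ
    Connection("srv-web", "router", "normal"),
    Connection("ws-berlin", "srv-berlin", "normal"),
    Connection("fw", "srv-berlin", "high", long_distance=True),
]
SAMPLE_COMPONENTS = {c for conn in SAMPLE_CONNECTIONS for c in (conn.a, conn.b)}


def run_sample():
    assign = partition(SAMPLE_COMPONENTS, SAMPLE_CONNECTIONS)
    crossings = border_crossings(assign, SAMPLE_CONNECTIONS)
    findings = completeness_check(
        SAMPLE_COMPONENTS | {"printer-1"},                   # printer is in the plan ...
        {"fw", "srv-db", "srv-web", "router", "srv-berlin"},
        {"clients-bonn": {"ws1", "ws2"}, "clients-berlin": {"ws-berlin"}},
    )                                                        # ... but nobody modelled it
    return assign, crossings, findings


if __name__ == "__main__":
    assign, crossings, findings = run_sample()
    for comp, sn in assign.items():
        print(f"sub-network {sn}: {comp}")
    for c in crossings:
        print(f"review: {c.protection} data crosses a border on {c.a} <-> {c.b}")
    print("\n".join(findings))
```

The leased line to the branch office is reported for review because it carries data with a high protection requirement across a sub-network border, which is exactly the situation the criteria say to avoid where possible.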
3 Roles
In addition to recommendations on the implementation of individual safeguards, the IT-Grundschutz Catalogues also give examples of persons who are responsible for the initiation or implementation of these safeguards. As the designations of the persons or roles named here as responsible vary between organisations, a brief role description is included to facilitate assignment.
Responsible persons Role description
Application developer An application developer is an expert entrusted with planning, developing, testing or maintaining programmes.
Archiver The archiver is responsible for setting up, operating, monitoring and maintaining an archive system on a specialist level.
Auditor An auditor checks whether the planned safeguards and measures have been satisfactorily implemented.
Construction company These are companies which perform construction work of all types for the organisation operating the IT system or their representative. These can be buildings in a general sense, electrical structures or also the installation of hazard alert systems (construction company).
Construction manager The function of the construction manager (from overall planning through to site planning, etc. and individual structures) can, for example, be met by an architect or a planning office.
Construction supervisor A construction supervisor is responsible for the implementation of construction projects.
Data backup officer The data backup officer is assigned the task of compiling, maintenance, regular updating and implementation of a data security concept.
Data protection officer A data protection officer is a person appointed by managers of a public agency or a company who is responsible for correct handling of personal data in accordance with the law in companies or a public agency.
Emergency officer The emergency officer is authorised by the public agency or company management to decide whether a certain situation should be classed as an emergency, and if necessary to initiate suitable emergency measures.
Employee An employee is a member of a specialist department, a public agency or a company.
Fax sender This refers to a person sending a fax.
Fire protection officer A fire protection officer is responsible for all matters related to fire protection. He is also responsible for the compilation of fire risk analyses, employee training and further training, sometimes also for maintenance and servicing of the fire protection equipment.
Head of internal services section
This refers to the head of the internal services section or the person responsible for the provision of general services.
Head of IT section This refers to the head of the IT department or management responsible for information technology.
Head of organisational section
This refers to the head of the organisational unit who is responsible for the control and supervision of general operations as well as for planning, organisation and all administration services.
Head of personnel This refers to the head of the personnel department or the organisational unit responsible for personnel matters.
Head of purchasing department
This refers to the head of the purchasing department or the organisational unit which is responsible for purchasing.
Head of site technical services
This refers to the person responsible for site technical services.
Head of the specialist department
This refers to the head of a specialist department.
Internal services division The internal services division is an organisational unit which co-ordinates all central services for all employees, e.g. postal services, photocopier, in-house driver and courier service, elimination of technical faults, cleaning, provision of operating resources, etc.
IT procedures officer An IT procedures officer is responsible for the correct procedure of one or more special IT processes, e.g. for electronic warehouse management, etc.
IT security management IT security management refers to the group of persons responsible for the IT security process within an organisation. The term IT security management is used synonymously as a term for the IT security management team.
IT security management team
The IT security management team deals with cross-department matters related to IT security and compiles plans, requirements and guidelines on this topic.
IT security officer An IT security officer is a person appointed by a public agency or company management who is charged by management with the organisation and/or implementation of adequate IT security in the company or the public agency.
IT support technician The assignments of an IT support technician include dealing with questions submitted by users concerning problems with the standard IT equipment.
uses IT systems for completing assignments.
Mail room The mail room is a collection office in a public agency or a company for incoming and outgoing mail. Fax and e-mail services can also be included in the scope of activities.
Network administrator A network administrator is responsible for setting up, operating, controlling the use of and also maintenance of a computer network or sub-networks. The assignments of a network administrator include, for example, the compilation of a network plan, setting up new services and the evaluation of log files.
Network planner A network planner is responsible for planning the structure of the IT networks and connection to external and public networks.
PBX officer The PBX officer is responsible for operation of the telecommunications systems and the corresponding rules and procedures.
Person responsible for individual IT applications
The person responsible for individual IT applications is not only charged with ensuring smooth operation of the IT application, but also for the initiation and implementation of IT security safeguards for this application.
Personnel department The personnel department is e.g. responsible for the following tasks:
- Basic personnel-related questions
- Personnel deployment planning
- Hiring of personnel
- Deployment of personnel
- Personal employee-related matters
- General co-operation with staff representatives
Planner Introduction of the general term "planner" instead of the terms "network planner" and "construction manager".
Press office The press office is responsible for all incoming and outgoing contacts with the press and media.
Procurer This refers to a member of the purchasing department who is responsible for the procurement of operating resources or IT systems.
Public agency/Company management
This refers to the management level of the institution or the organisational unit under consideration.
Purchasing department The purchasing department initiates and monitors orders. Public agencies have defined processes for handling orders.
Specialist department A specialist department is part of a public agency or a company which is charged with one or more specialist assignments. In the case of agencies on the federal or federal state level, the department is a grouping of several units.
Staff council / Works council
The staff council and the works council are responsible for representing the interests of employees towards the public agency or company management.
Superiors The term superior refers to the members of an organisation who have authority invested in them on the basis of their position within the organisation.
Technical manager The technical manager is responsible for the content of one or more IT processes (for example, the head of the sales organisational unit is the technical manager for the "automatic sales" application).
This glossary explains several important terms related to information security and IT-Grundschutz.
Administrator
An administrator manages and provides support for the computers and computer networks. He installs operating systems and application programs, creates new user IDs and allocates the rights required for the respective assignments. The administrator himself generally has far-reaching or even unrestricted access rights to the computers or networks he manages.
Application level gateway (ALG)
An application level gateway is an IT system which filters the information of the application layer (i.e. the actual content (the user data) of a package or several corresponding packages) and can permit or prohibit various connections or commands on the basis of special rules. An application level gateway is generally implemented on an IT system which is used solely for this purpose with a minimised set of commands.
Applied threat
An applied threat is a basic threat which has a direct effect on an object as the result of a vulnerability. A basic threat therefore only becomes an applied threat for an object when combined with a vulnerability.
For example, are computer viruses a basic or applied threat to the user who is surfing the Internet? According to the above definition it can be ascertained that all users are in principle exposed to a basic threat by computer viruses on the Internet. The user who downloads an infected file is exposed to an applied threat by the computer virus if his computer is vulnerable to this type of computer virus. Users with an effective anti-virus programme, a configuration which prevents the function of the virus, or an operating system which cannot execute the virus code are, however, not exposed to an applied threat as a result of the downloaded malicious program.
Assessment of protection requirements
During assessment of protection requirements, the necessary degree of protection of the business processes, the processed information and the IT components is determined. The potential damage which could occur as a result of loss of confidentiality, integrity or availability is considered for each application and the information processed within the application. It is also important to realistically assess potential subsequent damage. Experience has shown that classification in three protection requirement categories - "normal", "high" and "very high" - is effective.
Asset
Everything which is important for an organisation (financial assets, knowledge, objects, health).
Auditing
Auditing is the systematic examination of the suitability of and compliance with specified (security) guidelines. Auditing should be independent and neutral.
Authentication
Authentication process
When a person logs in on a system, the system runs a check to verify the identity of the person in the scope of the authentication process. The term is also used when the identity of IT components or applications is tested.
Authenticity
The term authenticity refers to the attribute which ensures that a communication partner is actually the one he claims to be. If information is authentic, this ensures that it was compiled by the stated source. The term is not only used when the identity of persons is checked, but also for IT components or applications.
Authorisation
During authorisation it is checked whether a person, an IT component or an application is authorised to perform a specific action.
Availability
The availability of services, functions of an IT system, IT applications or IT networks or also information is given if these are always made available to users as required.
Basic IT security parameters
The IT-Grundschutz defines three fundamental IT security values: confidentiality, availability and integrity.
Each user is naturally free to include additional fundamental values when assessing protection requirements if this is helpful in individual cases. Other generic terms concerning IT security are, for example:
- Authenticity
- Liability
- Reliability
Basic security check 
In IT-Grundschutz this term refers to the investigation of whether all safeguards recommended by IT-Grundschutz have already been implemented in an organisation and which basic IT security safeguards are still missing.
Basic threat
A basic threat in general terms is an event or condition which involves the risk of damage. The damage is related to a concrete value such as financial assets, knowledge, objects or health. In IT terms a basic threat is a condition or an event which can negatively affect the availability, integrity or the confidentiality of information, which in turn results in damage to the owner of the information. Basic threats can result from the effects of force majeure, organisational shortcomings, human errors, technical failure or deliberate acts.
Blackbox test
Browser
A browser is software used to access the World Wide Web. The program interprets the incoming data and displays these as text and images on the screen.
Certificate
The term certificate is used in information security contexts in different ways. The main definitions are as follows:
- IT-Grundschutz certificate: As the IT-Grundschutz Methodology in combination with the IT-Grundschutz Catalogues is a recognised set of criteria for IT security, the BSI has created a certification scheme for IT-Grundschutz. An IT-Grundschutz certificate can therefore be issued to document the fact that all relevant security safeguards from the IT-Grundschutz Catalogues have been implemented for the reviewed IT assets.
- Certificate (key certificate): A key certificate is an electronic confirmation used to assign signature verification keys to a person. With digital signatures a certificate is required as confirmation by a trustworthy third party to prove that the cryptographic key used to generate the digital signature really belongs to the signee.
- Certificate (IT security certificate, CC certificate): Internationally recognised IT security criteria are used as the basis for certification, such as the Common Criteria (ISO/IEC 15408). This is used to evaluate a wide range of products and systems. One main prerequisite is, however, that the security properties confirmed in the certificate at the end of the procedure are in keeping with the observance of confidentiality, availability and integrity.
- Certificate of protection profiles (profile certificates): Protection profiles enable Common Criteria user groups and manufacturers to stipulate security requirements which are typical for the product class and specific services. The inclusion of protection profiles during the product development phase facilitates their evaluation, and the resulting products effectively meet the specific demands of the users. Protection profiles can also be evaluated and certified.
Client
Client refers to software or hardware which is able to make use of certain services provided by a server. Frequently, the term client is used for a workstation computer which accesses data and programs of a server in a network.
Computer virus
A computer virus is a non-independent, self-reproducing routine which manipulates system areas, programs and their environments in a manner which cannot be controlled by the user. (In addition the virus can also be programmed with damaging functions.)
Confidentiality
Confidentiality means protection against unauthorised release of information. Confidential data and information may only be made available to authorised persons in the permissible manner.
Cumulative effect
Damaging function
Damaging function refers to a function which is unwanted by the user, and which can endanger the availability of data, resources or services and the confidentiality or integrity of data, either unintentionally or deliberately.
Danger
"Danger" is often regarded as a generic term, whereas "threat" is understood as a more closely defined danger (defined spatially and in terms of time with regard to type, scope and direction). Example: The danger is loss of data. Loss of data can occur, for example, due to a defective hard disk or as the result of theft. The threats are then "defective data media" and "theft of data media". However, this differentiation is not made consistently in the literature, and its significance is more of an academic nature, so that both "danger" and "threat" can be regarded as meaning the same.
Data backup
Data backup involves making copies of existing data to prevent their loss.
Data backup includes all technical and organisational measures required for ensuring the availability, integrity and consistency of the systems, including the data, programs and procedures saved on these systems for processing purposes.
Proper data backup means that the undertaken safeguards - defined on the basis of the data sensitivity - enable immediate or short-term restoration of the condition of the system, data, programs or procedures when it has been determined that the availability, integrity or consistency has been negatively affected by a damaging event. The minimum requirements of these safeguards stipulate making copies of the data and testing of the restored copies of the respective software, data and procedures in defined cycles and generations.
Data protection
Data protection refers to the protection of person-related data against any misuse by third parties (should not be confused with data security).
Data security
Data security refers to the protection of data in connection with stipulated requirements regarding their confidentiality, availability and integrity. A modern term for this is "IT security".
Demilitarised zone (DMZ)
A DMZ is an intermediate network which is located between the Intranet and the Internet, but which is not included in either network. It is a separate network which is not as well protected as the Intranet.
On simple security gateways DMZs are normally created on a third interface of the package filter (the other two interfaces are connected to the Intranet and the Internet). If the security gateway comprises a package filter-application level gateway-package filter configuration, an additional interface of the application level gateway (ALG) generally serves as the DMZ interface. If package filters or ALGs have more than three interfaces, additional DMZs can be created.
Digital signature
- That it is possible to check, with authentication, whether the file to which the digital signature was appended is identical to the file which was actually signed.
Distribution effect
The distribution effect can have a qualifying influence on protection requirements if an in