
Forschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft IT Security - Regulations and Technical Aspects, 2007 Authors: Andreas Lorenz and Thomas Brandel.


1 Forschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft
IT Security - Regulations and Technical Aspects, 2007
Authors: Andreas Lorenz and Thomas Brandel
Revised for the ISSeG Project by Ursula Epting, Bruno Hoeft and Tobias Koenig
The following presentations have been used for System Administrator training at FZK and are thus specific to their environment. However, many features will be common to most institutes, and thus the slides could make a good basis for producing customized training material.
IT Security - Regulations and Technical Aspects: Security requirements, data protection and management

2 Agenda
– Analysis of the organizational unit’s need for IT security
– Handling of data
– Organization of IT security

3 IT Security Need (1)
Analysis of the Organizational Unit’s Need for IT Security / Survey Relating to IT Security
To ensure safe operation that meets the IT security criteria, it is helpful to conduct a survey across the whole site. A master questionnaire is presented on the following slides.

4 IT Security Need (2)
Questionnaire: Group of the organizational unit (one questionnaire per group)
A group is a set of computers of the same type. Groups are characterized by the way they are used. Typical groups are, e.g., desktop computers or server systems. Not more than 4-5 groups should be identified per unit; this figure is not an absolute limit but serves as a guideline for the group sizes of an organizational unit.
General data
– Organizational unit or institute/department: Name of the unit (name of the institute or central institution, name of the organizational unit)
– Designation of the group: Name of the resource group within the institution
– Short description (notes): Short description of the use of the group at the institution
– Contact partner (for technical questions): Contact partners for the group (more persons are possible) in case of questions
– E-mail address: E-mail addresses of the contact partners
Network integration
– Requires access to (mark all accesses required): Choose the respective network areas to which the group requires access
– Use from network areas outside of the group?: Indicate whether the group has to be accessed from outside of the network area. This does not refer to access from the computing center or IWR.
– Role of the device group: □ Desktop □ Server □ Laboratory/special device □ Guests/external devices

5 IT Security Need (3)
Consequences of failure (availability)
– Maximum tolerable failure time of this computer group for the organizational unit: Period during which the failure of the network does not cause any major damage per critical safety incident
– Consequences of failure (beyond the maximum outage time): Potential consequences of a failure if the maximum outage time is exceeded
– Who is affected: Which group of persons or resources is affected by the failure of the group?
Further information for IWR or the Computing Center
– Remarks: Free text field to inform about special features of the group
Dependence on other services
– Services required (central): Selection of central resources needed by the group
– Services required (decentralized): Selection of resources needed by the group which are not supplied centrally
– Are the devices integrated in the central administration directory and update management?: Indicate whether the resources may be provided with software updates and virus protection programs from a central point and whether they may be controlled from there

6 Agenda
– Analysis of the organizational unit’s need for IT security
– Handling of data
– Organization of IT security

7 Overview: Handling of Data
Classification
Storage devices
– Disposal
Saving of data
– Back-up
– Archive

8 Data (1) Classification of Data
Access authorization
– worldwide
– for the Research Center
– for an organizational unit
– for a department
– for a certain working group only
– personal (not private!)
Relevance to data protection legislation (person-related data)
– yes
– no

9 Data (2) Disposal of Storage Devices
Safe deletion or destruction of storage devices
– Treatment depends on how much protection the stored data require
– Disks, CDs: Safe destruction by shredding
– Hard disks: Destruction of the data by (multiple) overwriting
When disposing of storage devices, contact the Waste Management Center.
When handing a computer over to a new user, make sure that the personal data of the previous owner have been deleted.

10 Data (3) Back-up and Archiving
The following site-wide file systems are subject to a daily automatic back-up:
– Global data storage under Windows
– Windows directories of the organizational units
– Global working domain of UNIX users
Other areas of back-up:
– Mail servers
– Several databases
– SAP data
It is also possible to install a client for back-up and long-term archiving on servers, workstations or clients.

11 Agenda
– Analysis of the organizational unit’s need for IT security
– Handling of data
– Organization of IT security

12 Organization of IT Security (1)
The following commissioners and bodies exist:
– IT security commissioner
– Data protection commissioner
– Works council
– IT security commissioners of the organizational units
– IT security working group
The organizational structures of sites (bodies and commissioners) may vary considerably. They depend on national legislation.

13 Organization of IT Security (2)
Behavior in case of incidents
– In case of incidents, contact the IT Security Commissioner of your organizational unit first. He/she will decide how to proceed
– If personal data are affected, contact the Data Protection Commissioner and, if necessary, the Works Council
– Under certain circumstances, charges are filed by the Legal Department
The procedure depends on the organizational structure of the site (bodies and commissioners), of course.

14 Information on the Intranet
Site-specific documents and intranet links.

15 Information on the Internet (1)
DFN-CERT (Computer Emergency Response Team)
– www.dfn-cert.de
Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Security in Information Technology)
– www.bsi.de
– www.bsi-fuer-buerger.de
Securityfocus
– www.securityfocus.com
Heise Security Newsticker
– www.heise.de/security
Secorvo Security News
– www.secorvo.de/security-news
Secunia (Information on weaknesses of various software)
– www.secunia.com

16 Information on the Internet (2)
IT-SecCity
– www.itseccity.de
Deutschland sicher im Netz e.V.
– www.sicher-im-netz.de
NIST Computer Security Division:
– http://csrc.nist.gov/

17 Final Remark
Thank you for your attention

