LISTSERV 16.0 - MSUNAG Archives

From: "NW on Security" <[log in to unmask]>
To: [log in to unmask]
Subject: Baseline Security Manual 2004
Date: Thu, 16 Feb 2006 17:10:00 -0600
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Reply-To: Security Help <[log in to unmask]>
Message-Id: <[log in to unmask]>
X-Gwavix-Server-1.41: added fake MIME-Version header
MIME-Version: 1.0

NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
02/16/06
Today's focus:  Baseline Security Manual 2004

Dear John  Resotko,

In this issue:

* English translation of German security manual is back
* Links related to Security
* Featured reader resource
_______________________________________________________________
This newsletter sponsored by Astaro. 
ASTARO OFFERS FREE TRIAL OF NETWORK SECURITY APPLIANCE  

Protect your network against spam, spyware, viruses and hackers. 
Winner, PC Magazine Best of the Year 2005. 
http://www.fattail.com/redir/redirect.asp?CID=131492 or 
1-877-4ASTARO.
_______________________________________________________________
COMPLIMENTARY NETWORK WORLD PRINT SUBSCRIPTIONS  
SIGN UP NOW! 

Security is one of the most pressing issues in all of IT, and 
you need to stay on top of it. Network World delivers the 
hottest security news. Network IT Executives depend upon Network 
World for the information they need to keep their networks 
secure! Click for more 
http://www.fattail.com/redir/redirect.asp?CID=130625

_______________________________________________________________

Today's focus:  Baseline Security Manual 2004

By M. E. Kabay

For many years, I used the English-language _IT Baseline 
Security Manual_ created by the German Federal Office for 
Information Security (BSI: Bundesamt fur Sicherheit in der 
Informationstechnik) from its German-language _IT-Grundschutz 
Standard-Sicherheitmassnahmen_.

Some years ago, the English translation disappeared from the 
Web, and I continued to rely only on saved versions of the 1997 
version. However, in recent correspondence, reader Claus Stark, 
the business information security officer of the Frankfurt 
office of Citigroup, very kindly pointed me to a new English 
translation of the 2004 version of the Baseline Security Manual 
available in PDF online 
<http://www.bsi.de/english/gshb/index.htm>.

The 269-page Introduction and Modules 2004 file (7.2 MB) starts 
with an overview of the documents (Chapter 1) and 
recommendations (Chapter 2) on the analysis and modeling of 
information systems security requirements and safeguards.

* Chapter 3 covers fundamentals such as security of personnel, 
  contingency planning, data backups, anti-malware, cryptography 
  and incident management.

* Chapter 4 looks at infrastructure (buildings, cabling, rooms, 
  cabinets, telecommuting and operations centers).

* Chapter 5 discusses standalone systems such as PCs running 
  DOS, Windows, Unix, and the like.

* Chapter 6 continues with networked systems.

* Chapter 7 continues with data transmission systems - data 
  media, modems, firewalls, e-mail, Web servers, remote access, 
  Lotus Notes, Internet Information Services, Apache Web server, 
  Exchange/Outlook 2000, and routers and switches.

* Chapter 8 on telecommunications presents basic security 
  principles and practices for PBXs, fax machines and servers, 
  voice mail, ISDN connections, mobile phones and personal digital 
  assistants.

* Chapter 9 adds notes on application software, databases, more 
  on telecommuting, Novell eDirectory 8.6 and archiving.

The Threats Catalog (426 pages) includes:

* Force majeure 
  * Organizational shortcomings 
  * Human failures 
  * Technical failures 
  * Deliberate acts

The Safeguards Catalog (2056 pages) includes:

* Infrastructure 
  * Organization 
  * Personnel 
  * Hardware and software 
  * Communications 
  * Contingency planning

All the PDF documents have extensive bookmarks and are easily 
searchable.

I am confident that security practitioners and system/network 
administrators will find these free documents a valuable 
addition to their libraries of reference resources.021

Today's 10 most-read stories

1. Wacky requests from end users 
<http://www.networkworld.com/nlsecuritynewsal23133>  
2. How do the feds tap phone lines? 
<http://www.networkworld.com/nlsecuritynewsal23134>  
3. Tata faces employee lawsuit in the U.S. 
<http://www.networkworld.com/nlsec23580>  
4. How to make the most of your IT budget 
<http://www.networkworld.com/nlsec23581>  
5. Gates says security boils down to four focus areas 
<http://www.networkworld.com/nlsec23582>  
6. The new network switch 
<http://www.networkworld.com/nlsec22936nlsecuritynewsal23135>  
7. Forum: Strange user requests 
<http://www.networkworld.com/nlsec23583>  
8. The IT profession in the year 2010 
<http://www.networkworld.com/nlsec22944nlsecuritynewsal23140>  
9. Face-off: Is 'security in the cloud' the way to go? 
<http://www.networkworld.com/nlsec23584>  
10. LANDesk rules the roost in desktop management 
<http://www.networkworld.com/nlsec22938nlsecuritynewsal23141>

_______________________________________________________________
To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor in the 
Division of Business and Management at Norwich University in 
Northfield, Vt. Mich can be reached by e-mail 
<mailto:[log in to unmask]> and his Web site 
<http://www2.norwich.edu/mkabay/index.htm>.

New information assurance journal - Norwich University Journal 
of Information Assurance (NUJIA). See 
<http://nujia.norwich.edu/> 
_______________________________________________________________
This newsletter is sponsored by Sybase, Intel and HP 
Sybase IQ: An Evaluation by Bloor Research 

Datastores that promise query results in a matter of minutes may 
seem too good to be true. But in this product evaluation, Bloor 
Research validates that Sybase IQ provides substantially better 
performance--at a lower cost--than traditional BI environments. 
Click link to download this free whitepaper now.  
http://www.fattail.com/redir/redirect.asp?CID=131137
_______________________________________________________________
ARCHIVE LINKS

Archive of the Security newsletter: 
<http://www.networkworld.com/newsletters/sec/index.html>  
Security Research Center: 
<http://www.networkworld.com/topics/security.html>  
Instant sign-up for Security News Alert: 
<http://www.networkworld.com/isusecna>   
Instant sign-up for Virus & Bug Patch Alert: 
<http://www.networkworld.com/isubug> 
_______________________________________________________________
ProCurve Networking by HP 
The Seven Deadly Sins of Deploying Wireless 

Are you thinking about deploying, expanding or even reworking a 
wireless network? An upfront strategy will give you the most 
long-term flexibility. The key is knowing how to avoid "The 
Seven Deadly Sins of Deploying Wireless.  "Tune-in to this 
on-demand 24/7 webcast anytime. 
http://www.fattail.com/redir/redirect.asp?CID=130796
_______________________________________________________________
FEATURED READER RESOURCE

Application acceleration across the WAN

Curious about the different approaches to speeding up those 
applications? We've invited Silver Peak, Cisco, Packeteer and 
Citrix to discuss their different approaches. They'll be online 
the week of Feb. 27 to answer your questions - and we'll have a 
library of links to related papers. If you want to get a head 
start, though, send us your WAN acceleration questions now to 
[log in to unmask] and the vendors will start working on answers. 
Find out more:

<http://www.networkworld.com/community/?q=acceleration>
_______________________________________________________________
May We Send You a Free Print Subscription? 
You've got the technology snapshot of your choice delivered 
at your fingertips each day. Now, extend your knowledge by 
receiving 51 FREE issues to our print publication. Apply 
today at http://www.subscribenw.com/nl2

International subscribers click here: 
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail 
newsletters, go to: 
<http://www.subscribenw.com/nl/login.jsp> 

To change your e-mail address, go to: 
<http://www.subscribenw.com/nl/eclogin.jsp> 

Subscription questions? Contact Customer Service by replying to 
this message.

This message was sent to: [log in to unmask] 
Please use this address when modifying your subscription. 
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor, 
at: <mailto:[log in to unmask]> 

Inquiries to: NL Customer Service, Network World, Inc., 118 
Turnpike Road, Southborough, MA 01772

For advertising information, write Susan Cardoza, Associate 
Publisher Online, at: <mailto:[log in to unmask]> 

Copyright Network World, Inc., 2006