lF4

The foundational step for any security concept. It involves gaining precise knowledge of an organization's information assets, their importance to business processes and applications, and the organizational/technical environments they are used in.

1. Recording business processes, applications, and information within the scope.

2. Network planning.

3. Recording IT systems.

4. Recording rooms and physical locations.

To determine which IT-Grundschutz modules are applicable to the selected target objects of an information network. The result is an IT-Grundschutz model, which can serve as a development concept or an audit plan.

An initial assessment conducted before a risk analysis to determine if the basic and standard requirements of the IT-Grundschutz Compendium are met for specific target objects (e.g., entire information network, Office products, Windows clients).

The Information Security Officer (ISB) is involved in strategic decisions and responsible for ensuring and verifying that all requirements of the established security concept are met.

Information about the review process itself (e.g., interviewer, interviewees, date/time of interview), in addition to the assessment results for each requirement.

Restrict or disable active content (e.g., macros, ActiveX controls) in Office products to prevent the execution of malicious code.

Implement policies or technical controls to ensure that documents from untrusted external sources are opened in a secure, isolated environment (e.g., Protected View).

Users must be sensitized and trained on the security implications of specific Office features (e.g., macros, linked objects, external content) and how to handle them securely.

Define and implement specific technical security requirements for computers used for telework (e.g., encryption, firewall, antivirus, secure configuration).

Provide regular sensitization and training to employees on security aspects specific to telework, including safe handling of data and systems outside the office.

Implement strong authentication mechanisms for client access, such as complex passwords, multi-factor authentication, or smart cards.

Deploy and maintain up-to-date anti-malware software on all client systems to detect and prevent malware infections.

Regularly apply security updates and patches for the client's firmware, operating system, and all installed applications to address known vulnerabilities.

Use strong and current encryption protocols (e.g., WPA3) for WLAN operation to protect data confidentiality and integrity over the wireless network.

Ensure Access Points are configured securely by changing default passwords, disabling unnecessary services, and implementing strong administrative access controls.

• Implement proper network segmentation and firewall rules to securely isolate the WLAN from the wired Local Area Network (LAN) and control traffic flow.

Implement measures to securely store physical and digital official documents at the home office, preventing unauthorized access (e.g., locked cabinets, encrypted drives).

Ensure that confidential information (physical and digital) is disposed of securely at the home office (e.g., shredding paper, secure deletion of digital files) to prevent data leakage.

Take steps to prevent unauthorized individuals (e.g., family members, visitors) from accessing official equipment or sensitive information in the home office.