FOREWORD
INTRODUCTION
1 SCOPE
2 REFERENCES
3 DEFINITIONS
4 AIM
5 OVERVIEW
6 INTRODUCTION TO SAFEGUARD SELECTION AND THE CONCEPT OF BASELINE SECURITY
7 BASIC ASSESSMENTS
7.1 IDENTIFICATION OF THE TYPE OF IT SYSTEM
7.2 IDENTIFICATION OF PHYSICAL/ENVIRONMENTAL CONDITIONS
7.3 ASSESSMENT OF EXISTING/PLANNED SAFEGUARDS
8 SAFEGUARDS
8.1 ORGANIZATIONAL AND PHYSICAL SAFEGUARDS
8.2 IT SYSTEM SPECIFIC SAFEGUARDS
9 BASELINE APPROACH: SELECTION OF SAFEGUARDS ACCORDING TO THE TYPE OF IT SYSTEM
9.1 GENERALLY APPLICABLE SAFEGUARDS
9.2 IT SYSTEM SPECIFIC SAFEGUARDS
10 SELECTION OF SAFEGUARDS ACCORDING TO SECURITY CONCERNS AND THREATS
10.1 ASSESSMENT OF SECURITY CONCERNS
10.2 SAFEGUARDS FOR CONFIDENTIALITY
10.3 SAFEGUARDS FOR INTEGRITY
10.4 SAFEGUARDS FOR AVAILABILITY
10.5 SAFEGUARDS FOR ACCOUNTABILITY, AUTHENTICITY AND RELIABILITY
11 SELECTION OF SAFEGUARDS ACCORDING TO DETAILED ASSESSMENTS
11.1 RELATION BETWEEN PART 3 AND PART 4 OF THIS TECHNICAL REPORT
11.2 PRINCIPLES OF SELECTION
12 DEVELOPMENT OF AN ORGANIZATION-WIDE BASELINE
13 SUMMARY
BIBLIOGRAPHY
ANNEX A CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT
ANNEX B ETSI BASELINE SECURITY STANDARD FEATURES AND MECHANISMS
ANNEX C IT BASELINE PROTECTION MANUAL
ANNEX D NIST COMPUTER SECURITY HANDBOOK
ANNEX E MEDICAL INFORMATICS: SECURITY CATEGORISATION AND PROTECTION FOR HEALTHCARE INFORMATION SYSTEMS
ANNEX F TC68 BANKING AND RELATED FINANCIAL SERVICES - INFORMATION SECURITY GUIDELINES
ANNEX G PROTECTION OF SENSITIVE INFORMATION NOT COVERED BY THE OFFICIAL SECRETS ACT - RECOMMENDATIONS FOR COMPUTER WORKSTATIONS
ANNEX H CANADIAN HANDBOOK ON INFORMATION TECHNOLOGY SECURITY