Computer Security Manual
SEC|POL|AO12
ISIS Directive
Origin: Security and Investigation Directorate
Issue 7: March 1993
Contents
Foreword by the chairman
Amendment record sheet
List of effective pages
- Introduction
- Scope and purpose
- Relationship to the previous issue
- Structure of the manual
- Feedback
- Use of the CSM by suppliers and contractors
- Acknowledgements
- Introduction
- Corporate policy on electronic system security
- Objective
- Relationship to other security policies
- Responsibility for security
- Derivation of security requirements
- Security policy for the life cycle
- Security evaluation, certification and accreditation
- Security approvals
- Product security
- Introduction
- System interconnection
- Network management
- Network architecture
- Threats to networked systems
- Cryptographic protection
- Electronic Mail Systems
- Introduction
- Accommodation
- Services
- Electronic system equipment sign posting
- Physical access control strategy
- Personnel access
- System or master consoles
- Other terminals
- Communications rooms and equipment
- Media libraries and disaster stores
- 5.1 Introduction
- 5.2 Personal security responsibility
- 5.3 PC and data access security
- 5.4 Security of software
- 5.5 Personal computer communications
- 5.6 Contingency planning
- 5.7 File Servers
- 6.1 Introduction
- 6.2 Regulating access to computers
- 6.3 Identification
- 6.4 Passwords
- 6.5 Limitations of password security
- 6.6 Logging on
- 6.7 Logging off
- 6.8 User privileges
- 6.9 Access to user files
- 6.10 Customer access to BT computers
- 6.11 Contractors
- 7.1 Introduction
- 7.2 Software installation and maintenance
- 7.3 Log facilities and system data
- 7.4 Data sensitivity
- 7.5 Storage
- 7.6 Disposal of media
- 7.7 Computer viruses
- 8.1 Introduction
- 8.2 Personnel
- 8.3 Disaster protection
- 9.1 Introduction
- 9.2 Data Protection Act principles
- 9.3 Definitions
- 9.4 Registration
Foreword by the chairman
A vital element in our drive to achieve the highest quality of service standards is
the provision of a secure work environment. This means that our resources - people,
systems, information and physical assets - must be protected against a variety of
threats which range from the malicious to the criminal. We also have security
obligations that form part of the legal and regulatory requirements we must observe.
The Information Security Code, Computer Security Manual and Physical Security
Handbook define the ways in which we can maintain a secure environment. They
clarify our responsibilities and provide the expert guidance which we can use to
achieve and maintain the levels of security appropriate to the various activities of
BT. The rules outlined in these publications are mandatory.
IDT Vallance