Austrian IT Security Handbook

Published under Risk Management

 

Product identity card

General information
Basic information to identify the product

Method or tool name : Österreichisches IT-Sicherheitshandbuch (Austrian IT Security Handbook)
Vendor name : Bundeskanzleramt (Austrian federal chancellery)
Country of origin : Austria



Level of reference of the product
Details about the type of initiator of the product

Public / government organisation : Austrian federal chancellery



Identification
Specify the phases this method supports and a short description

R.A. Method phases supported

  • Risk identification : The handbook contains a generic description of RA, but does not specify a special method
  • Risk analysis
  • Risk evaluation

R.M. Method phases supported

  • Risk assessment: Part 1, chapter 4
  • Risk treatment : Part 1, chapter 5.1, part 2
  • Risk acceptance : Part 1, chapter 5.2
  • Risk communication : Part1, chapters 5.5 and 6.2

Brief description of the product

  • The Austrian IT Security Handbook consists of 2 parts. Part 1 gives a detailed description of the IT security management process, including development of security policies, risk analysis, design of security concepts, implementation of the security plan and follow-up activities. Part 2 is a collection of 230 baseline security measures. A tool supporting the implementation is available as a prototype. The Austrian IT Security Handbook was originally developed for government organizations, and is now available for all types of business. The handbook is compliant with ISO/IEC IS 13335, the German IT-Grundschutzhandbuch and partly with ISO/IEC IS 17799.


Lifecycle
Date of the first edition, date and number of actual version

Date of first release : 1998
Date and identification of the last version : Version 2.2, November 2004



Useful links
Link for further information

Official web site : http://www.cio.gv.at/securenetworks/sihb/
User group web site : N/A
Relevant web site : N/A



Languages
List the available languages that the tool supports

Availability in European languages : German



Price
Specify the price for the method

  • Free


Page top

Scope

Target organisations
Defines the most appropriate type of organisations the product aims at

  • Government, agencies
  • Large companies
  • SME
  • Commercial CIEs
  • Non commercial CIEs

Specific sector : N/A



Geographical spread
Information concerning the spread of this tool

Used in EU member states : Austria
Used in non-EU member states : N/A



Level of detail
Specify the target kind of users

  • Management
  • Operational


License and certification scheme
Specify the licensing and certification schemes available for this method

Recognized licensing scheme : No
Existing certification scheme : No



Page top

Users viewpoint

Skills needed
Specify the level of skills needed to use and maintain the solution

  • To introduce : Standard
  • To use : Standard
  • To maintain : Standard


Consultancy support
Specify the kind of support available

Consultancy : Not necessary



Regulatory compliance
There is a given compliance of the product with international regulations

  • N/A


Compliance to IT standards
There is a compliance with a national or international standard



Trial before purchase
Details regarding the evaluation period (if any) before purchase of the product.

Availability : Product is free



Maturity level of the Information system
The product gives a means of measurement for the maturity of the information system security

It is possible to measure the I.S.S. maturity level : No



Tools supporting the method
List of tools that support the product

Non commercial tools

  • Yes, in prototype status (free of charge)

Commercial tools

  • N/A


Technical integration of available tools
Particular supporting tools (see C-7) can be integrated with other tools

Tools can be integrated with other tools : No



Organisation processes integration
The method provides interfaces to existing processes within the organisation

Method provides interfaces to other organisational processes : Business continuity, change management, system management



Flexible knowledge databases
It is possible to adapt a knowledge database specific to the activity domain of the company.

Method allows use of sector adapted databases : No

We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Ok, I understand No, tell me more