What is IT-Grundschutz?
The IT-Grundschutz of the German Federal Office for Information Security (BSI) is a methodology for identifying and implementing IT security measures in an organisation. The aim is to establish an appropriate level of security for IT systems. To achieve this goal, the BSI recommends catalogues of measures for “proven technical, organizational, personnel and infrastructural security precautions”.
The BSI regularly aligns its standards with international standards such as ISO/IEC 27001: https://www.bsi.bund.de/Zertifizierung27001
With the IT-Grundschutz catalogues, the BSI publishes a collection of documents that explain the introduction and implementation of effective and efficient information security management. Components, hazards and measures are defined as examples.
IT structure analysis
The starting point of a basic IT protection concept is the assumption of general hazards that affect an IT system. Based on this, technical, personnel, organizational and infrastructural security measures are selected from the catalogues. The implementation of IT-Grundschutz is preceded by an IT structure analysis. Here the information network to be considered is analysed and as a result a protection requirement is determined.
Steps for introducing IT-Grundschutz
- Definition of the information network
- IT structure analysis
- Determination of protection requirements
- Measures modeling
- Basic security check
- Supplementary security analysis
- Implementation of the measures
Certificate for information security management
Organizations and federal authorities receive the ISO/IEC 27001 certificate for their information security management according to the requirements of the IT-Grundschutz.