The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge, are a collection of documents from the German Federal Office for Security in Information.


The table contains correlations between measures and the threats they address.


In this way, a security level can be achieved, viewed as adequate in most cases, and, consequently, replace the more expensive risk assessment. Decision Guide for Managers: To keep each component as compact as possible, global aspects are collected in one component, while more specific information is collected into a second. C stands for component, M for measure, and T for threat.

The component catalogs, threat catalogs, and the measures catalogs follow these introductory sections. Federal Office for Security in Information Technology.

The measures catalogs summarize the actions necessary to achieve baseline protection; measures appropriate for several system components are described centrally. If the measures’ realization is not possible, reasons for this are entered in the adjacent field for later traceability.


Partitioning into layers clearly isolates personnel groups impacted by a given layer from the layer in question. Each measure is named and its degree of realization determined. Finally, control questions regarding correct realization are given. In this way, a network of individual components arises in the baseline protection catalogs.


The fourth layer falls within the network administrators' task area. Individual threat sources are described briefly.

In the process, classification of measures into the categories A, B, C, and Z is undertaken. The respective measures or threats, which are introduced in the component, can also be relevant for other components.

Baseline protection can only be ensured if all measures are realized. Each individual component follows the same layout. A detailed description of the measures follows.

Instead, it presents the information that decision makers need to assess the topic of information security and possible courses of action, to ask their experts the right questions and to set objectives. These threat catalogs follow the general layout in layers. The fifth within that of the applications administrator and the IT user, concerning software like database management systems, e-mail and web servers.


An overview can be found in the Decision Guide for Managers. This is followed by the layer number affected by the element. The component number is composed of the layer number in which the component is located and a unique number within the layer.

If the measure cited for a given threat is not applicable for the individual IT system, it is not superfluous. Finally, examples of damages that can be triggered by these threat sources are given.


Finally, the realization is terminated and a manager is named. Baseline protection does, however, demand an understanding of the measures, as well as the vigilance of management. Measures are cited with a priority and a classification. The detection and assessment of weak points in IT systems often occurs by way of a risk assessment, wherein a threat potential is assessed, and the costs of damage to the system or group of similar systems are investigated individually.


During realization of measures, personnel should verify whether adaptation to the operation in question is necessary; any deviations from the initial measures should be documented for future reference. In cases in which security needs are greater, such protection can be used as a basis for further action.

The given threat situation is depicted after a short description of the component examining the facts. The text follows the facts of the life cycle in question and includes planning and design, acquisition (if necessary), realization, operation, selection (if necessary), and preventive measures.

According to the BSI, the knowledge collected in these catalogs is not necessary to establish baseline protection.