The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge, are a collection of documents from the German Federal Office for Security in Information.


Degrees of realization, “considerable”, “yes”, “partial”, and “no”, are distinguished. Category A measures provide the entry point into the subject, category B measures expand on this, and category C is ultimately necessary for baseline protection certification.

In the process, layers are used for structuring individual measures groups.

Individual threat sources are described briefly. These present supplementary information. The following layers are formed: The necessary measures are presented in a text with short illustrations.

The given threat situation is depicted after a short description of the component examining the facts. The measures catalogs summarize the actions necessary to achieve baseline protection; measures appropriate for several system components are described centrally.

In this way, a network of individual components arises in the baseline protection catalogs.

Measures, as well as threats, are cited with mnemonics. Partitioning into layers clearly isolates personnel groups impacted by a given layer from the layer in question. The respective measures or threats, which are introduced in the component, can also be relevant for other components. If the measure cited for a given threat is not applicable for the individual IT system, it is not superfluous. A detailed description of the measures follows.


In many areas, IT-Grundschutz even provides advice for IT systems and applications requiring a high level of protection.


Category Z measures are any additional measures that have proven themselves in practice. In the example of an Apache web server, the general B 5.

It serves as the basis for the IT baseline protection certification of an enterprise. In this way, a security level can be achieved, viewed as adequate in most cases, and, consequently, replace the more expensive risk assessment.

Federal Office for Information Security (BSI)

These threat catalogs follow the general layout in layers. If the measures’ realization is not possible, reasons for this are entered in the adjacent field for later traceability. In cases in which security needs are greater, such protection can be used as a basis for further action. An itemization of individual threat sources ultimately follows. IT Baseline Protection Handbook. An overview can be found in the Decision Guide for Managers.

Here you can also find the Baseline Protection Guide, containing support functions for implementing IT baseline protection in procedural detail. Finally, examples of damages that can be triggered by these threat sources are given.


This approach is very time-intensive and very expensive.

IT Baseline Protection Catalogs

The detection and assessment of weak points in IT systems often occurs by way of a risk assessment, wherein a threat potential is assessed, and the costs of damage to the system or group of similar systems are investigated individually. The aim of IT-Grundschutz is to achieve an appropriate security level for all types of information of an organisation.

The first layer is addressed to management, including personnel and outsourcing. After a complete depiction, individual measures are once again collected into a list, which is arranged according to the measures catalog’s structure, rather than that of the life cycle. To keep each component as compact as possible, global aspects are collected in one component, while more specific information is collected into a second.

Finally, the realization is terminated and a manager is named.

The component catalogs, threat catalogs, and the measures catalogs follow these introductory sections. Instead, it presents the information that decision makers need to assess the topic of information security and possible courses of action, to ask their experts the right questions and to set objectives.

Each individual component follows the same layout.
