The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge, are a collection of documents from the German Federal Office for Security in Information Technology.

Managers are initially named to initiate and realize the measures in the respective measures description. A detailed description of the measures follows.

In this way, a security level can be achieved, viewed as adequate in most cases, and, consequently, replace the more expensive risk assessment. The necessary measures are presented in a text with short illustrations.

The fourth layer falls within the network administrators' task area. The aim of IT-Grundschutz is to achieve an appropriate security level for all types of information of an organisation. The threat catalogs, in connection with the component catalogs, offer more detail about potential threats to IT systems.

This is followed by the layer number affected by the element. To keep each component as compact as possible, global aspects are collected in one component, while more specific information is collected into a second.

Each catalog element is identified by an individual mnemonic laid out according to the following scheme (the catalog groups are named first). Degrees of realization, “considerable”, “yes”, “partial”, and “no”, are distinguished.


In cases in which security needs are greater, such protection can be used as a basis for further action. The forms provided serve to remedy protection needs for certain IT system components. This approach is very time-intensive and very expensive. Individual threat sources are described briefly.

The following layers are formed: IT-Grundschutz uses a holistic approach to this process. Both components must be successfully implemented to guarantee the system’s security. Baseline protection does, however, demand an understanding of the measures, as well as the vigilance of management.

Measures are cited with a priority and a classification. Here you can also find the Baseline Protection Guide, containing support functions for implementing IT baseline protection in procedural detail. The measures catalogs summarize the actions necessary to achieve baseline protection; measures appropriate for several system components are described centrally.

C stands for component, M for measure, and T for threat. In the example of an Apache web server, the general B 5. The component catalog is the central element, and contains the following five layers: These present supplementary information. The component number is composed of the layer number in which the component is located and a unique number within the layer.

Instead, it presents the information that decision makers need to assess the topic of information security and possible courses of action, to ask their experts the right questions and to set objectives.

Category Z measures are any additional measures that have proven themselves in practice. If the measures’ realization is not possible, reasons for this are entered in the adjacent field for later traceability.

The table contains correlations between measures and the threats they address. However, the cross-reference tables only cite the most important threats.

Through proper application of well-proven technical, organisational, personnel, and infrastructural safeguards, a security level is reached that is suitable and adequate to protect business-related information having normal protection requirements.


After a complete depiction, individual measures are once again collected into a list, which is arranged according to the measures catalog’s structure, rather than that of the life cycle.

The second is addressed to in-house technicians, regarding structural aspects in the infrastructure layer. It serves as the basis for the IT baseline protection certification of an enterprise. These threat catalogs follow the general layout in layers. The text follows the facts of the life cycle in question and includes planning and design, acquisition (if necessary), realization, operation, selection (if necessary), and preventive measures.

Partitioning into layers clearly isolates personnel groups impacted by a given layer from the layer in question. Each individual component follows the same layout. An overview can be found in the Decision Guide for Managers.

Category A measures form the entry point into the subject, B measures expand this, and category C is ultimately necessary for baseline protection certification.

Finally, the realization is terminated and a manager is named. It is not necessary to work through them to establish baseline protection. You will find in the IT-Grundschutz Catalogues the modules, threats and safeguards.

During realization of measures, personnel should verify whether adaptation to the operation in question is necessary; any deviations from the initial measures should be documented for future reference.