The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge are a collection of documents from the German Federal Office for Security in Information. @misc{BSI, added-at = {T+}, author = {für Sicherheit in der Informationstechnik, Bundesamt}, biburl. IT-Grundschutz-Kataloge. 2 likes. Book. IT-Grundschutz-Kataloge. Book. 2 people like this topic. Want to like this Page? Sign up for Facebook to get started.

Author: Nigar Yojinn
Country: Nicaragua
Language: English (Spanish)
Genre: Video
Published (Last): 6 June 2014
Pages: 410
PDF File Size: 1.57 Mb
ePub File Size: 7.2 Mb
ISBN: 893-5-30575-357-2
Downloads: 64826
Price: Free* [*Free Regsitration Required]
Uploader: JoJocage

These present supplementary information.

Both components must be successfully implemented to guarantee the system’s security. Here you can also find the Baseline Protection Guide, containing support functions for implementing IT baseline protection in procedural detail.

The component catalog is the central element, and contains the following five layers: An Overview you will find in the Decision Guide for Managers.

To familiarize the user with the manual itself, it contains an introduction with explanations, the approach to IT baseline protection, a series of concept and role definitions, and a glossary. Finally, examples of damages that can be triggered by these threat sources are given. Articles with topics of unclear notability from October All articles with topics of unclear notability. Please help to establish notability by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention.


In this way, a security level can be achieved, viewed grundshutz adequate in most kataaloge, and, consequently, replace the more expensive risk assessment. The following layers are formed: The collection encompasses over pages, including the introduction and catalogs. They summarize the measures and most important threats for individual components. The table contains correlations between measures and the threats they address.

Federal Office for Information Security (BSI)

Measures are cited with a priority and a classification. The necessary measures are presented in a text with short illustrations.

The fifth within that of the applications administrator and the IT user, concerning software like database management systemse-mail and web servers.

Baseline protection does, however, demand an understanding of the measures, as well as the vigilance of management. This publication does not intend to make managers grundscjutz security experts. An itemization of individual threat sources ultimately follows.

Finally, control questions regarding correct realization are given. In many areas, IT- Grundschutz even provides advice for IT katalogd and applications requiring a high level of protection. Each measure is named and its degree of realization determined. Baseline protection can only be ensured if all measures are realized. Through proper application of well-proven technical, organisational, personnel, and infrastructural safeguards, a security level is reached grunrschutz is suitable and adequate to protect business-related information having normal protection requirements.


BSI-Grundschutz Katalog | BibSonomy

IT Baseline Protection Handbook. The conclusion consists of a cost assessment. However, the cross-reference tables only cite the most important threats.

The component catalogs, grubdschutz catalogs, and the measures catalogs follow these introductory sections. If the measures’ realization is not possible, reasons for this are entered in the adjacent field for later traceability. After a complete depiction, individual measures are once again collected into a list, which is arranged according to the measures catalog’s structure, rather than that of the life cycle.

The component number is composed of the layer number in which the component is located and a unique number grunfschutz the layer. The second is addressed to in-house technicians, regarding structural aspects in the infrastructure layer. The forms provided serve to remedy protection needs for certain IT system components. The respective measures or threats, which are introduced in the component, can also be relevant for other components.