The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge are a collection of documents from the German Federal Office for Security in Information. @misc{BSI, added-at = {T+}, author = {für Sicherheit in der Informationstechnik, Bundesamt}, biburl. IT-Grundschutz-Kataloge. 2 likes. Book. IT-Grundschutz-Kataloge. Book. 2 people like this topic. Want to like this Page? Sign up for Facebook to get started.

Author: Mijar Voodoobar
Country: Bhutan
Language: English (Spanish)
Genre: Marketing
Published (Last): 18 July 2012
Pages: 441
PDF File Size: 16.28 Mb
ePub File Size: 14.82 Mb
ISBN: 731-3-11529-942-9
Downloads: 15344
Price: Free* [*Free Regsitration Required]
Uploader: Kajitaur

Finally, control questions regarding correct realization are given. It is not necessary to work through them to establish baseline protection. The table contains correlations between measures and the threats they address. This page was last edited on 29 Septemberat Partitioning into layers clearly isolates personnel groups impacted by a given layer from the layer in question.

Category A measures for the entry point into the subject, B measures expand this, and category C is ultimately katalogr for baseline protection certification. The fifth within that of the applications administrator and the IT user, concerning software like database management systemse-mail and web servers.

CRISAM BSI und GSTOOL Knowledge Pack

trundschutz Through proper application of well-proven technical, organisational, personnel, and infrastructural safeguards, a security level is reached that is suitable and adequate to protect business-related information having normal protection requirements. Individual threat sources are described briefly.

The conclusion consists of a cost assessment. To keep each component as compact as possible, global aspects are collected in one component, while more specific information is collected into a second.

  EDS 3446-3 PDF

The topic of this article may not meet Wikipedia’s general notability guideline. In many areas, IT- Grundschutz even provides advice for IT systems and applications requiring a high level of protection. The text follows the facts of the life cycle in question and includes planning and design, acquisition if necessaryrealization, operation, selection if necessaryand preventive measures.

Baseline protection can only be ensured if all measures are realized. Degrees of realization, “considerable”, “yes”, “partial”, and “no”, are distinguished.

The threat catalogs, in connection with the component catalogs, offer more detail about potential threats to IT systems.

CRISAM BSI und GSTOOL Knowledge Pack | Crisam

In the process, classification of measures into the categories Katakoge, B, C, and Z is undertaken. These present supplementary information.

This is followed by the layer number affected by the element. BundesanzeigerCologne The fourth layer falls within the network administrators task area. They summarize the measures and most important threats for individual components. The detection and assessment of weak points in IT systems often occurs by way of a risk assessmentwherein a threat potential is assessed, and the costs of damage to the system or group of similar systems are investigated individually.

Finally, examples of damages that can be triggered by these threat sources are given. If the measure cited for a given threat is not applicable for the individual IT system, it is not superfluous.


IT Baseline Protection Catalogs

Articles with topics of unclear notability from October All articles with topics of unclear notability. In this way, a network of individual components arises in the baseline protection catalogs. The aim of IT- Grundschutz is to achieve an appropriate security level for all types jt information of an organisation. To familiarize the user with the manual itself, it contains an introduction with explanations, the approach to IT baseline protection, a series of concept and role definitions, and a glossary.

If notability cannot ut established, the article is likely to be mergedredirectedor deleted. The second is addressed to in-house technicians, regarding structural aspects in the infrastructure layer.

Each measure is named and its degree of realization determined. This publication does not intend to make managers into security experts. Finally, a serial number within the iataloge identifies the element.

Measures, as well as threats, are cited with mnemonics. However, the cross-reference tables only cite the katalpge important threats. The component catalog is the central element, and contains the following five layers: C stands for component, M for measure, and T for threat.

A detailed description of the measures follows.