The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge, are a collection of documents from the German Federal Office for Security in Information.

Author: Malazragore Samujora
Country: Singapore
Language: English (Spanish)
Genre: Science
Published (Last): 3 September 2005
Pages: 142
ISBN: 487-8-41207-847-7

Finally, a serial number within the layer identifies the element. In this way, a security level can be achieved, viewed as adequate in most cases, and, consequently, replace the more expensive risk assessment. They summarize the measures and most important threats for individual components.

In the process, layers are used for structuring individual measures groups. In the example of an Apache web server, kaaloge general B 5. The text follows the facts of the life cycle in question and includes planning and design, acquisition (if necessary), realization, operation, selection (if necessary), and preventive measures.

BSI – IT-Grundschutz – IT-Grundschutz International

The component catalogs, threat catalogs, and the measures catalogs follow these introductory sections. The following layers are formed: This approach is very time-intensive and very expensive.

It serves as the basis for the IT baseline protection certification of an enterprise. Measures are cited with a priority and a classification. If the measures’ realization is not possible, reasons for this are entered in the adjacent field for later traceability. You will find in the IT-Grundschutz Catalogues the modules, threats and safeguards.


The fifth within that of the applications administrator and the IT user, concerning software like database management systems, e-mail and web servers. The table contains correlations between measures and the threats they address.

OWASP Review BSI IT-Grundschutz Baustein Webanwendungen

Federal Office for Security in Information Technology, version. IT-Grundschutz The aim of IT-Grundschutz is to achieve an appropriate security level for all types of information of an organisation.

To keep each component as compact as possible, global aspects are collected in one component, while more specific information is collected into a second.

Finally, examples of damages that can be triggered by these threat sources are given. Individual threat sources are described briefly. Each individual component follows the same layout.

BSI-Grundschutz Katalog | BibSonomy

Category Z measures are any additional measures that have proven themselves in practice. Both components must be successfully implemented to guarantee the system’s security. A detailed description of the measures follows.

You will find an overview in the Decision Guide for Managers. The given threat situation is depicted after a short description of the component examining the facts. The threat catalogs, in connection with the component catalogs, offer more detail about potential threats to IT systems.


This publication does not intend to make managers into security experts. C stands for component, M for measure, and T for threat.

The first layer is addressed to management, including personnel and outsourcing. In cases in which security needs are greater, such protection can be used as a basis for further action.

In many areas, IT-Grundschutz even provides advice for IT systems and applications requiring a high level of protection. Each catalog element is identified by an individual mnemonic laid out according to the following scheme (the catalog groups are named first). IT baseline protection encompasses standard security measures for typical IT systems, with normal protection needs. Measures, as well as threats, are cited with mnemonics.

If the measure cited for a given threat is not applicable for the individual IT system, it is not superfluous.

Managers are initially named to initiate and realize the measures in the respective measures description.

A table summarizes the measures to be applied for individual components in this regard.