IT GRUNDSCHUTZ KATALOGE PDF

June 28, 2020 posted by

The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge, are a collection of documents from the German Federal Office for Security in Information.


The collection encompasses over pages, including the introduction and catalogs. It serves as the basis for the IT baseline protection certification of an enterprise. IT baseline protection encompasses standard security measures for typical IT systems with normal protection needs. The detection and assessment of weak points in IT systems often occurs by way of a risk assessment, wherein a threat potential is assessed, and the costs of damage to the system or group of similar systems are investigated individually.

This approach is very time-intensive and very expensive. In this way, a security level can be achieved, viewed as adequate in most cases, and, consequently, replace the more expensive risk assessment. In cases in which security needs are greater, such protection can be used as a basis for further action.

To familiarize the user with the manual itself, it contains an introduction with explanations, the approach to IT baseline protection, a series of concept and role definitions, and a glossary. The component catalogs, threat catalogs, and the measures catalogs follow these introductory sections. Here you can also find the Baseline Protection Guide, containing support functions for implementing IT baseline protection in procedural detail.

Each catalog element is identified by an individual mnemonic laid out according to the following scheme (the catalog groups are named first). C stands for component, M for measure, and T for threat. This is followed by the layer number affected by the element. Finally, a serial number within the layer identifies the element. The component catalog is the central element, and contains the following five layers: Partitioning into layers clearly isolates personnel groups impacted by a given layer from the layer in question.

The first layer is addressed to management, including personnel and outsourcing. The second is addressed to in-house technicians, regarding structural aspects in the infrastructure layer. System administrators cover the third layer, looking at the characteristics of IT systems, including clients, servers and private branch exchanges or fax machines.

The fourth layer falls within the network administrator's task area. The fifth falls within that of the applications administrator and the IT user, concerning software like database management systems, e-mail and web servers. Each individual component follows the same layout.


The component number is composed of the layer number in which the component is located and a unique number within the layer. The given threat situation is depicted after a short description of the component examining the facts. An itemization of individual threat sources ultimately follows. These present supplementary information. It is not necessary to work through them to establish baseline protection.

The necessary measures are presented in a text with short illustrations. The text follows the facts of the life cycle in question and includes planning and design, acquisition (if necessary), realization, operation, selection (if necessary), and preventive measures.

After a complete depiction, individual measures are once again collected into a list, which is arranged according to the measures catalog’s structure, rather than that of the life cycle.

In the process, measures are classified into the categories A, B, C, and Z. Category A measures are the entry point into the subject, B measures expand on this, and category C is ultimately necessary for baseline protection certification. Category Z covers any additional measures that have proven themselves in practice. To keep each component as compact as possible, global aspects are collected in one component, while more specific information is collected into a second.

In the example of an Apache web server, the general B 5.

Both components must be successfully implemented to guarantee the system’s security. The respective measures or threats, which are introduced in the component, can also be relevant for other components.


In this way, a network of individual components arises in the baseline protection catalogs. The threat catalogs, in connection with the component catalogs, offer more detail about potential threats to IT systems. These threat catalogs follow the general layout in layers. According to the BSI, the knowledge collected in these catalogs is not necessary to establish baseline protection. Baseline protection does, however, demand an understanding of the measures, as well as the vigilance of management.

Individual threat sources are described briefly. Finally, examples of damages that can be triggered by these threat sources are given.

The measures catalogs summarize the actions necessary to achieve baseline protection; measures appropriate for several system components are described centrally. In the process, layers are used for structuring individual measures groups. The following layers are formed: Managers are initially named to initiate and realize the measures in the respective measures description. A detailed description of the measures follows. Finally, control questions regarding correct realization are given.


During realization of measures, personnel should verify whether adaptation to the operation in question is necessary; any deviations from the initial measures should be documented for future reference.


The forms provided serve to remedy protection needs for certain IT system components. A table summarizes the measures to be applied for individual components in this regard. Each measure is named and its degree of realization determined. Degrees of realization, “considerable”, “yes”, “partial”, and “no”, are distinguished.

Finally, the realization is terminated and a manager is named. If the measures’ realization is not possible, reasons for this are entered in the adjacent field for later traceability. The conclusion consists of a cost assessment. Besides the forms, the cross-reference tables are another useful supplement.

They summarize the measures and most important threats for individual components.

Measures, as well as threats, are cited with mnemonics. Measures are cited with a priority and a classification. The table contains correlations between measures and the threats they address. However, the cross-reference tables only cite the most important threats. If the measure cited for a given threat is not applicable for the individual IT system, it is not superfluous. Baseline protection can only be ensured if all measures are realized.
