Germany IT-Grundschutz workbook

To help organizations secure IT systems, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created a baseline set of standards for protecting information technology (in German, IT-Grundschutz). These standards consist of:

• BSI Standard 200-1 defines an an information security management system (ISMS) based on ISO/IEC 27001
• BSI Standard 200-2 describes how to set up and operate an ISMS according to the IT-Grundschutz methodology
• BSI Standard 200-3 contains all risk-related tasks
• The IT-Grundschutz Catalogues describe potential threats and safeguards for typical business environments