Germany IT-Grundschutz workbook

To help organizations secure IT systems, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created a baseline set of standards for protecting information technology (in German, IT-Grundschutz). These standards consist of:

  • BSI Standard 200-1 defines an information security management system (ISMS) based on ISO/IEC 27001
  • BSI Standard 200-2 describes how to set up and operate an ISMS according to the IT-Grundschutz methodology
  • BSI Standard 200-3 contains all risk-related tasks
  • The IT-Grundschutz Catalogues describe potential threats and safeguards for typical business environments