Germany IT-Grundschutz workbook
To help organizations secure IT systems, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created a baseline set of standards for protecting information technology (in German, IT-Grundschutz). These standards consist of:
- BSI Standard 200-1 defines an an information security management system (ISMS) based on ISO/IEC 27001
- BSI Standard 200-2 describes how to set up and operate an ISMS according to the IT-Grundschutz methodology
- BSI Standard 200-3 contains all risk-related tasks
- The IT-Grundschutz Catalogues describe potential threats and safeguards for typical business environments