8 Apr The ISA99 WG4 was discussing a security methodology called BSI IT grundschutz that was new to me. Hans Daniel provided a very concise. 28 Jul Federal Office for Information Technology Security [BSI] The IT – Grundschutzhandbuch provides comprehensive descriptions of IT – systems.


This is followed by the layer number affected by the element. Therefore, part grundschutzhandbich covers component security. Why do a risk analysis? They summarize the measures and most important threats for individual components. The IT-Grundschutzhandbuch provides comprehensive descriptions of IT systems, including considered measures and threats. The text follows the grundschugzhandbuch of the life cycle in question and includes planning and design, acquisition (if necessary), realization, operation, selection (if necessary), and preventive measures.

Supporting Federal offices responsible for the prevention and tracing of criminal offenses, including Federal and State Offices for the Protection of the Constitution, as far as this is necessary to prevent criminal acts, efforts or activities, which are directed at the security in information technology or result from the use of information technology.

Or does it implement its very own approach to address the specifics of the industrial automation world? However, the cross-reference tables only cite the most important threats.


Now, concerning the German-speaking context, Grundschutz is not dominant despite the millions of German taxpayer money poured into it. Unluckily, my projects were stalled by the same activities that presently seem to hit ISA:. The Federal Office for Information Technology Security publishes an annual IT-Grundschutzhandbuch [Information Technology Protection Handbook] which defines, for a multitude of information technology systems, the necessary IT-security precautions which are necessary for basic protection.


In cases in which security needs are greater, such protection can be used as a basis for further action. It must be the language. Each catalog element is identified by an individual mnemonic laid out according to the following scheme (the catalog groups are named first).

IT Baseline Protection Catalogs – Wikipedia

I have made it a habit to accept all the blame for pretty much everything. Humor aside, there is bsi grundschutzhandbuch interesting detail grunxschutzhandbuch that is not addressed with the same grundschutzhanfbuch in SP The measures catalogs summarize the actions necessary to achieve baseline protection; measures appropriate for several system components are described centrally.

The aim of IT-Grundschutz is to achieve an appropriate security level for all types of information of an organisation. Bundesanzeiger, Cologne. Category A measures for the entry point into the subject, B measures expand this, and category C is ultimately necessary for baseline protection certification.

Worse, in my opinion the approach of the version I know v17 is wrong by principle. No, part 1 is frozen until the deadline for comments ends this summer. However, most of the. Finally, a serial number within the layer identifies the element.

The threat catalogs, in connection with the component catalogs, offer more detail about potential threats to IT systems.

IT Baseline Protection Catalogs

And finally, part 4 covers plant security. Being derived, the IT grundschutz will never be up-to-date.

However, the technical implementation knowledge proposed by the IT grundschutz is largely derived from other sources, in particular manufacturer product data and experience using it. According to the BSI, the knowledge collected in these catalogs is not necessary to establish baseline protection.


To respond to Hans' comment about focusing only on ISA — I would be keen to understand if people feel that this would work together with, for example, NERC CIP in North America, or any mandatory standard that may be put in place in Europe (which I know would be a number of years away), or in any other country?

The Grundschutz is misleading to use a huge perfected precise automatism without questioning its basis, the risk analysis in SCADA. At the time all these measures were contained in 25 pages. As a proof, grundschutzhxndbuch the google hit count in the.

All it took was a few e-mails …. Besides the forms, the cross-reference tables are another useful supplement. The collection encompasses over pages, including the introduction and catalogs. Instead, it presents the information that decision makers need to assess the topic of information security and possible courses of action, to ask their experts the right questions and to set objectives.

To familiarize the user with the manual itself, it contains an introduction with explanations, the approach to IT baseline protection, a series of concept and role definitions, and a glossary.

Measures, as well as threats, are cited with mnemonics.