BSI IT Grundschutz Methodology

Nowadays, many institutions in business and management are dependent on the smooth functioning of IT. Due to this increasing dependency and the growing threat potential, information security is becoming ever more important.

With the IT Grundschutz Methodology, the German Federal Office for Information Security (BSI) provides a methodology for security management combined with concrete recommendations for measures. These recommendations cover not only technical but also organisational, personnel and structural aspects.

In general, the BSI IT Grundschutz Methodology offers a recognised approach to the development and review of security concepts. For common areas of application, it also includes recommendations for measures that serve to reach a certain security level, which can easily be built upon if the security requirements increase. To adapt the recommended measures to a specific company, so-called building blocks are used, so that the structure of the company is taken into account. The building blocks contain information regarding potential threats as well as measures for counteracting these threats.

The BSI GSTOOL is used for creating such security concepts and is particularly widespread in Germany. Besides the official GSTOOL, CRISAM® offers a tool for establishing IT Baseline Protection in the company. As the CRISAM® structure is similar to the modular structure of the BSI IT Grundschutz Methodology, CRISAM® is now listed as an official alternative to the GSTOOL. [BSI Website]

The CRISAM® Explorer provides all the necessary building blocks for presenting all baseline protection topics. In addition, it offers numerous possibilities for advanced risk management, e.g. monetary assessment. The risk objects are modelled in a fault tree, so the entire IT risk management process can be mapped. Another big advantage is the customizable reporting capabilities of CRISAM®, which generate clear and succinct reports.