LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How is the layer model (Schichtenmodell) of the IT-Grundschutz-Kompendium structured?

Ten block families in two groups: process blocks (ISMS, ORP, CON, OPS, DER) and system blocks (IND, APP, SYS, NET, INF) — a "function-oriented" structure.

Tree: the Kompendium splits into process Bausteine (ISMS, ORP, CON, OPS, DER) and system Bausteine (IND, APP, SYS, NET, INF); SYS drills down into SYS.1 Server → SYS.1.1 General server.

* The Schichtenmodell — process Bausteine (ISMS, ORP, CON, OPS, DER) and system Bausteine (IND, APP, SYS, NET, INF), with each Baustein decomposing into sub-Bausteine (e.g. SYS → SYS.1 Server → SYS.1.1 General server). *

The block families:

Process blocks (Prozess-Bausteine) — organizational/overarching:

Code Meaning
ISMS Security management
ORP Organization & personnel
CON Concepts & procedures
OPS Operational security aspects
DER Detection & reaction (to security incidents)

System blocks (System-Bausteine) — concrete technology:

Code Meaning
IND Industrial IT (SCADA etc.)
APP Applications
SYS IT systems and components
NET Networks
INF Physical security / infrastructure

The old catalogs were system-oriented; the new model is function-oriented: overarching/process aspects are separated from systems, and responsibilities are bundled — another deliberate step toward the structure of ISO 27001.

Tip: Mnemonic for the process side: "ISMS ORganizes CONcepts, OPerates, DEtects & Reacts."

Go deeper:

From Quiz: ISM / IT-Grundschutz (BSI) | Updated: Jul 14, 2026