LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What are the three approaches for dealing with risks, and when does Grundschutz alone over- or under-protect?

Pure Grundschutz (standard measures), pure risk analysis (custom measures), or the BSI's combined two-stage approach — because a flat standard level inevitably over-protects some assets and under-protects others.

Three risk-handling approaches: Grundschutz only, Risikoanalyse only, BSI combined.

* Three ways to handle risk — Grundschutz only, Risikoanalyse only, and the BSI kombinierter Ansatz. *

1. Grundschutz — standardized measures, only a general risk consideration. Cheap and fast, but: the standard level is a horizontal line across all assets — assets with low protection need get Über-Schutz (over-protection, wasted money), assets with high need get Unter-Schutz (dangerous gaps).

2. Risikoanalyse — specific measures from a detailed risk analysis per object. Precise but expensive if done for everything.

3. Kombinierter Ansatz (combined, two-stage — the BSI way):

  • Grundschutz for objects with low and medium protection needs
  • Additional risk analysis for objects with high and very high protection needs

This gets ~80% of the coverage at standard cost and spends analysis effort only where it pays off.

Tip: The picture to remember: a flat waterline (Grundschutz) over a skyline of varying building heights (protection needs) — some buildings drown, some tower above.

Go deeper:

From Quiz: ISM / IT-Grundschutz (BSI) | Updated: Jul 05, 2026