Quiz Entry - updated: 2026.07.14
What are the three protection-need categories recommended by IT-Grundschutz?
Normal (limited, manageable damage), hoch (considerable damage), sehr hoch (existentially threatening, catastrophic damage).
* The three Schutzbedarf categories — normal, hoch, sehr hoch — by maximum damage and the analysis each triggers. *
The categories are defined by the maximum damage and consequential damage that could result from a loss of confidentiality, integrity, or availability:
| Category | Damage level |
|---|---|
| Normal (niedrig bis mittel) | Limited and manageable (begrenzt und überschaubar) |
| Hoch (high) | Considerable damage possible (beträchtlich) |
| Sehr hoch (very high) | Existentially threatening, catastrophic damage possible |
Consequences for the methodology (interpretation of results):
- Normal → standard security measures (Grundschutz) suffice
- Hoch → standard measures + possibly a supplementary security analysis
- Sehr hoch → standard measures + mandatory supplementary security analysis
Tip: Only three categories on purpose — finer scales create endless debates about category boundaries while changing nothing about the resulting measures.
Go deeper:
Lektion 4: Schutzbedarfsfeststellung (BSI Online-Kurs) — Definiert die Kategorien normal/hoch/sehr hoch über Schadensszenarien.