Quiz Entry - updated: 2026.07.14
What do the BSI Grundschutz Schichten (layers) — ISMS, ORP, CON, OPS, DER, IND, APP, SYS, NET, INF — cover?
Five process layers (ISMS, ORP, CON, OPS, DER) for management/operations, and five system layers (IND, APP, SYS, NET, INF) for the technology stack.
* Ten layers in two families — five process-Bausteine (management/operations) and five system-Bausteine (the technology stack). *
Process-Bausteine:
| Code | Stands for | Covers |
|---|---|---|
| ISMS | Sicherheitsmanagement | Governance and policies |
| ORP | Organisation & Personal | HR, roles, awareness |
| CON | Konzepte & Vorgehensweise | Architecture, planning |
| OPS | Betrieb | Day-to-day operations |
| DER | Detektion & Reaktion | Monitoring, incident response |
System-Bausteine:
| Code | Stands for | Covers |
|---|---|---|
| IND | Industrielle IT | ICS, OT, SCADA |
| APP | Anwendungen | Web apps, ERP, email, etc. |
| SYS | IT-Systeme | Servers, clients, mobile devices |
| NET | Netze & Kommunikation | LAN, WAN, wireless, VPN |
| INF | Infrastruktur | Buildings, cabling, power |
Tip: This taxonomy is more granular than ISO 27002's four themes — which is why BSI Grundschutz can be more concrete in practice. The trade-off is the larger document set you have to navigate.
Go deeper:
IT-Grundschutz-Kompendium — Schichtenmodell (official, DE) — the source that groups the Bausteine into ten Schichten.
IT baseline protection (Wikipedia, EN) — English overview of the module/layer structure.