LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What investigation methods can follow a supplementary security analysis?

Classical risk analysis, penetration testing, or a differential security analysis comparing implemented measures against best practices.

Three deeper investigation methods, each with the question it answers.

* Three follow-up methods — klassische Risikoanalyse, Penetrationstest, Differenz-Sicherheitsanalyse — and the question each answers. *

Three deeper investigation approaches:

1. Klassische Risikoanalyse (classical risk analysis):

  • Identify relevant threats and vulnerabilities
  • Estimate occurrence frequencies and damage magnitudes

2. Penetrationstest:

  • Simulate attacker behavior against the real system
  • Distinguish black-box (attacker has no internal knowledge) and white-box (tester has full documentation/source access) approaches

3. Differenz-Sicherheitsanalyse (differential security analysis):

  • Determine which implemented measures already go beyond Grundschutz
  • Compare whether these measures match the best practices established for highly protection-needy IT areas

They answer different questions: risk analysis = "what could happen?"; pentest = "what can an attacker actually do today?"; differential analysis = "are we at the state of the art for high-security areas?"

From Quiz: ISM / IT-Grundschutz (BSI) | Updated: Jun 20, 2026