Quiz Entry - updated: 2026.06.20
What investigation methods can follow a supplementary security analysis?
Classical risk analysis, penetration testing, or a differential security analysis comparing implemented measures against best practices.
* Three follow-up methods — klassische Risikoanalyse, Penetrationstest, Differenz-Sicherheitsanalyse — and the question each answers. *
Three deeper investigation approaches:
1. Klassische Risikoanalyse (classical risk analysis):
- Identify relevant threats and vulnerabilities
- Estimate occurrence frequencies and damage magnitudes
2. Penetrationstest:
- Simulate attacker behavior against the real system
- Distinguish black-box (attacker has no internal knowledge) and white-box (tester has full documentation/source access) approaches
3. Differenz-Sicherheitsanalyse (differential security analysis):
- Determine which implemented measures already go beyond Grundschutz
- Compare whether these measures match the best practices established for highly protection-needy IT areas
They answer different questions: risk analysis = "what could happen?"; pentest = "what can an attacker actually do today?"; differential analysis = "are we at the state of the art for high-security areas?"