Quiz Entry - updated: 2026.07.05
What is BSI Standard 200-2 and what does it cover?
BSI 200-2 (IT-Grundschutz Methodology) provides practical guidance for building and operating an ISMS, including creating a security concept and selecting appropriate security measures.
BSI 200-2 concretizes BSI 200-1 by describing:
- IT security management tasks — Roles and responsibilities
- Building organizational structures for information security
- Creating a security concept — Step-by-step approach
- Selecting appropriate security measures — Based on the IT-Grundschutz-Kompendium
- Maintaining and improving information security over time
The six-phase security process (defined in BSI 200-1, which 200-2 operationalizes step by step):
- Initiation of the security process
- Creation of the information security guideline
- Organization of the security process
- Creation of a security concept
- Implementation of the security concept
- Maintenance and improvement
Tip: BSI 200-2 is the most hands-on standard in the BSI family — it's where you find the actual methodology for day-to-day ISMS work.