Quiz Entry - updated: 2026.07.14
What is the central idea of IT-Grundschutz in one sentence?
Most IT environments face similar threats, vulnerabilities, and risks — so a standard control catalogue (Bausteine + Massnahmen) provides 80% of the protection without expensive per-asset risk analysis.
* Because most IT faces similar threats, a standard catalogue delivers ~80% protection — offered as Basis-, Kern- and Standard-Absicherung. *
The recurring features:
- Ähnliche Abläufe und IT-Komponenten überall.
- Typische Gefährdungen, Schwachstellen, Risiken.
- Typische Geschäftsprozesse und Anwendungen.
- Typische IT-Komponenten.
From this:
- A Gerüst (scaffold) of security management can be built once and reused.
- Three central aspects: Wiederverwendbarkeit, Anpassbarkeit, Erweiterbarkeit.
Three protection-need variants of IT-Grundschutz exist:
| Variant | Use case | Risk management? |
|---|---|---|
| Basis-Absicherung | Quick-start, need a baseline across all processes | None required |
| Kern-Absicherung | Focus on the "Kronjuwelen" (crown jewels) — most critical processes | Required for the kern |
| Standard-Absicherung | The classic full-scope coverage (old BSI 100-2 mode) | Required for objects with high protection need |
Tip: Most organisations start with Basis (deploy baseline everywhere, no risk analysis) and selectively upgrade to Kern for crown-jewel systems. That gets you to "defensible" quickly without drowning in risk-analysis paperwork.
Go deeper:
BSI IT-Grundschutz (official overview, EN) — the standardised-baseline philosophy, straight from the source.
IT baseline protection (Wikipedia, EN) — how baseline protection deliberately skips the initial detailed risk analysis.