LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the central idea of IT-Grundschutz in one sentence?

Most IT environments face similar threats, vulnerabilities, and risks — so a standard control catalogue (Bausteine + Massnahmen) provides 80% of the protection without expensive per-asset risk analysis.

Similar threats lead to a standard control catalogue giving about 80% protection, with three Absicherung variants

* Because most IT faces similar threats, a standard catalogue delivers ~80% protection — offered as Basis-, Kern- and Standard-Absicherung. *

The recurring features:

  • Ähnliche Abläufe und IT-Komponenten überall.
  • Typische Gefährdungen, Schwachstellen, Risiken.
  • Typische Geschäftsprozesse und Anwendungen.
  • Typische IT-Komponenten.

From this:

  • A Gerüst (scaffold) of security management can be built once and reused.
  • Three central aspects: Wiederverwendbarkeit, Anpassbarkeit, Erweiterbarkeit.

Three protection-need variants of IT-Grundschutz exist:

Variant Use case Risk management?
Basis-Absicherung Quick-start, need a baseline across all processes None required
Kern-Absicherung Focus on the "Kronjuwelen" (crown jewels) — most critical processes Required for the kern
Standard-Absicherung The classic full-scope coverage (old BSI 100-2 mode) Required for objects with high protection need

Tip: Most organisations start with Basis (deploy baseline everywhere, no risk analysis) and selectively upgrade to Kern for crown-jewel systems. That gets you to "defensible" quickly without drowning in risk-analysis paperwork.

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 14, 2026