LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is the goal of the Schutzbedarfsfeststellung (protection needs assessment), and in what order is it performed?

It determines how much protection each object of the information domain needs — assessed first for applications/data, then derived for systems, communication links, and rooms.

Goal: a justified, comprehensible answer to three questions:

  • How much protection do the identified objects need?
  • How do we arrive at a well-founded assessment?
  • Which objects have elevated protection needs?

Procedure:

  1. Define the protection-need categories for your organization (individualization — what does "high damage" mean for us?)
  2. Assess protection needs:
    • of IT applications and data first,
    • derived from that: IT systems,
    • derived further: communication links and IT rooms
  3. Document and interpret the results (understandable for management!)

Tip: The order mirrors the inheritance chain — you can't assess a server before knowing what runs on it, nor a room before knowing what's racked in it.

Go deeper:

From Quiz: ISM / IT-Grundschutz (BSI) | Updated: Jul 05, 2026