1 / 370
time's up — finish this card
Other keys: show •
Space: good •
1-4: rate •
0: skip •
5: flag •
6: invert
Topic
ISMS & Security Standards (ISO 27k, NIST, BSI)
Question
What does BSI-Standard 200-2 add on top of 200-1?
Answer
200-2 is the practical playbook: how to actually build and run an ISMS using IT-Grundschutz, with concrete tasks, organisation, security concepts, and control selection.
* The 200-2 security-process lifecycle — a PDCA loop spelled out in German, from initiation to continuous improvement. *
200-2 makes 200-1 concrete:
- Describes the Aufbau und Betrieb of an ISMS in der Praxis.
- Tasks of IT-Sicherheitsmanagement.
- Organisational structures for information security.
- Guidance for Erstellung eines Sicherheitskonzepts.
- Selection of angemessene Sicherheitsmassnahmen.
- Aufrechterhalten and improvement of the ISMS over time.
The cycle:
Initiierung des Sicherheitsprozesses
└→ Erstellung der Leitlinie zur Informationssicherheit
└→ Organisation des Sicherheitsprozesses
└→ Erstellung einer Sicherheitskonzeption
└→ Umsetzung der Sicherheitskonzeption
└→ Aufrechterhaltung und Verbesserung
└→ (loop)
That's PDCA spelled out in German.
Tip: 200-2 explicitly references the IT-Grundschutz-Kompendium for the control content — 200-2 tells you how to pick controls, the Kompendium provides which controls. Together they form a complete cookbook.
Go deeper:
BSI-Standards overview (official, DE) — 200-2 as the practical BSI methodology for building an ISMS.
IT-Grundschutz (Wikipedia, DE) — situates the 200-2 method within the wider Grundschutz process.
or press any other key
Note saved — thanks!