BIC BSI Grundschutz: The business side

The individual components of BSI IT-Grundschutz cover all relevant aspects of information security in typical business processes and applications. They are structured into applications, IT systems, industrial IT, networks and communication, infrastructure, security management, organization and human resources, concept design and approach, detection, and reaction as well as operations. You can identify your own assets and assign them to the components contained in BIC BSI Grundschutz.

A security requirements analysis for your information security goals concerning trust, integrity and availability can be defined for the assets identified in BSI IT-Grundschutz. The objective of the security requirements analysis is to determine how suitable the protection is for the information or information technology that is used.

BIC BSI Grundschutz contains the security requirements control catalog from BSI IT-Grundschutz in all three protection levels (basic, standard and higher security requirements) as well as their instructions for designing a security concept. These security requirements are already mapped to the components – and, therefore, the relevant assets – in line with the recommendations in BSI IT-Grundschutz. The measures recommended in the control catalogs are compared here with the measures that have already been implemented in your company and evaluated based on their implementation status. This makes it possible to implement the recommended security requirements accordingly, document variances, and present them transparently for certifications.

If you have not fulfilled the security requirements sufficiently, you can create risks and evaluate them based on their probability of occurrence and impact of damages. BIC BSI Grundschutz offers a choice of qualitative and quantitative evaluations. The Elementary Dangers of the BSI IT-Grundschutz, which are contained as a risk catalog in BIC BSI Grundschutz are mapped based on BSI recommendations to the applicable security requirements and enable you to create risks in the right context depending on vulnerabilities and requirements. Furthermore, you can create, document and track measures based on their implementation levels, costs, requirements as well as any reductions in damages or the probability of their occurrence.

Since the implementation instructions and design of BSI IT-Grundschutz are very similar to ISO/IEC 27001:2013, you can map the requirements from BSI IT-Grundschutz and the measure catalog from Annex A of the ISO standard in BIC BSI Grundschutz. Due to this mapping, the solution will automatically calculate the fulfillment level of the measures from Annex A of ISO 27001 following the calculation of the BSI IT-Grundschutz security requirements. This list of the fulfillment level of Annex A is also available as a printable management report. 

The fulfillment levels of the respective BSI security requirements are listed by components and, therefore, assigned to their assets. You can view them clearly in the dashboard and navigate them individually. By clicking on a specific implementation status, you can drill into the control assessment and process your evaluations further. You benefit by gaining access to information on the fulfillment or completion levels at any time and creating reports for management or auditors much more easily.