BSI Baseline Protection Manual - How to measure IT-Security

Thomas Biere

BSI BPM measure

IT-Security

• causes a lot of expenses
• is too expensive
• hinders the users to do their jobs
• causes much more work in the IT-administration - is only something for larger companies

Main ideas

• The whole system consists of typical components (e.g. server and client computers, operating systems)
• Threats and their probabilities are lumped together.
• Suitable groups of Standard Security Safeguards are recommended.
• Detailed pieces of advice for the implementation of these safeguards are included.

Advantages

• A simple target/performance comparison allows for economic application and procedures.
• Resulting IT security concepts are compact due to references to standard source.
• Practical, reliable, and effective safeguards are implemented.
• The concept is expandable and continuously updated.

The aim is

to achieve a security level for IT installations by appropriate employment of organisational, personnel, infrastructural, and technical standard security measures

which is adequate and sufficient for average protection requirements

and may also serve as a basis for IT applications with higher protection requirements.