Loopus

IT-Grundschutz Kompendium

Learning Objectives

  • Navigate the IT-Grundschutz Kompendium effectively
  • Understand Baustein structure and requirement levels
  • Select and implement relevant modules for organizational needs

The IT-Grundschutz Kompendium

The IT-Grundschutz Kompendium serves as the central reference containing all building blocks with their associated security measure recommendations. Understanding its structure enables efficient navigation and appropriate module selection.

Kompendium Structure

The Kompendium organizes building blocks into categories addressing different aspects of information security. Process building blocks cover organizational and management concerns. The ISMS category addresses security management system requirements. ORP covers organization and personnel security. CON addresses security concepts and planning.

System building blocks address technical components. The APP category covers application security across various software types. SYS addresses servers, clients, and other system components. NET covers network security including segmentation, filtering, and communication security. INF addresses physical infrastructure including facilities, rooms, and environmental controls.

Additional categories address specialized areas. IND covers industrial IT and operational technology. DER addresses detection and response capabilities. OPS covers operational security processes.

Building Block Structure

Each building block follows a consistent structure. An introduction describes the module scope and boundaries. The threat landscape section catalogs relevant threats the module addresses. Requirements specify what organizations must implement, organized by requirement level. Implementation guidance provides detailed advice for meeting requirements.

Requirement Levels

Basic requirements represent minimum standards applicable to all organizations. These fundamental measures address the most critical threats and should be implemented universally. Standard requirements extend beyond basics to address typical organizational needs. Most organizations should implement standard requirements.

Enhanced protection requirements provide additional measures for high-security environments. Organizations with elevated protection needs due to classified information, critical infrastructure status, or high-value assets should implement enhanced requirements.

Module Selection

Organizations select relevant building blocks based on their structural analysis and protection needs assessment. The structural analysis documents what IT systems, applications, and infrastructure exist. Protection needs assessment determines the security requirements for each element. Building block selection then identifies which modules apply to which organizational elements.

Answer the Questions

Question 1

What is the collection of Ground Protection modules called?

Question 2

What is the minimum requirement level?

Question 3

What are the modular units called (German)?