From the Introduction:
In our modern information and communication society, administrative tasks, both public and in industry, are increasingly routinely supported by the use of information technology (IT). Numerous work processes are electronically controlled and large amounts of information are stored in digital form, electronically processed and transferred on local and public networks. Many tasks performed within both the public and private sectors are simply not possible without IT, while others can only be partially performed without IT. Consequently many public or private sector organisations are totally reliant on the correct functioning of their IT assets. An organisation can only achieve its objectives if IT assets are used in a proper and secure manner.
The IT Grundschutz Manual
presents a detailed set of standard security measures which apply to virtually every IT system. It provides:
- standard security measures for typical IT systems with "normal" protection requirements,
- a description of the threat scenario that is globally assumed,
- detailed descriptions of safeguards to assist with their implementation,
- a description of the process involved in attaining and maintaining an appropriate level of IT security and
- a simple procedure for ascertaining the level of IT security attained in the form of a target versus actual comparison.
Because information technology is a highly innovative area and is constantly undergoing further development, the present manual is designed to be easily updated and expanded. The BSI
continuously updates the manual and expands it to include new subjects on the basis of user surveys.