Security Concept in Accordance with BSI Basic Protection Methods

Security concepts consist of two basic components: on the one hand, the analysis of potential danger and threat scenarios, and on the other, the identification and definition of protection goals and the resulting need for protection. With the aid of these two components, appropriate security requirements can be described in a security concept. 

“Appropriate” means that despite the existing threat, the desired level of protection can be achieved through the security measures taken. In order to achieve a functioning security concept and the desired protective effect, technical, structural and organisational security requirements must be coordinated with one another.

As the threat posed by a threat scenario is very dynamic and can change over time, it’s essential to regularly review the security measures for their effectiveness.

Further components / tools of a security concept are: 

• Determination and evaluation of the object under consideration.
• Definition of the protection goals
• Determination of protection requirements
• Analysis of possible threat scenarios
• Risk analysis
• Development of possible security measures (structural, technical, organisational)
• Observance of legal or sector-specific requirements (TISAX, ISO 27000 Family of Standards, B3S, KRITIS-V, BSI IT Basic Protection (BSI IT Grundschutz), etc.)