SC550: BSI™ IT-Grundschutz Practitioner

Training: Security - Governance, Risk & Compliance - Certification


Participants receive a practical introduction to the BSI™ IT-Grundschutz. They learn how to assume the tasks of an IT Security Officer or Information Security Officer, build an ISMS, and define security measures for specific protection requirements. The training corresponds to the official basic course in the BSI™ certification program and prepares participants for the exam to become an IT-Grundschutz Practitioner.

Presence training

Start: 2025-11-10 | 10:00 am

End: 2025-11-13 | 04:00 pm

Location: Berlin

Price: 2.200,00 € plus VAT.

Hybrid training

Start: 2025-11-24 | 10:00 am

End: 2025-11-27 | 04:00 pm

Location: Nürnberg

Price: 2.200,00 € plus VAT.

Presence training

Start: 2026-01-19 | 10:00 am

End: 2026-01-22 | 04:00 pm

Location: Nürnberg

Price: 2.200,00 € plus VAT.

Presence training

Start: 2026-03-02 | 10:00 am

End: 2026-03-05 | 04:00 pm

Location: Berlin

Price: 2.200,00 € plus VAT.

Hybrid training

Start: 2026-06-08 | 10:00 am

End: 2026-06-11 | 04:00 pm

Location: Nürnberg

Price: 2.200,00 € plus VAT.

Presence training

Start: 2026-06-22 | 10:00 am

End: 2026-06-25 | 04:00 pm

Location: Berlin

Price: 2.200,00 € plus VAT.

Presence training

Start: 2026-08-31 | 10:00 am

End: 2026-09-03 | 04:00 pm

Location: Berlin

Price: 2.200,00 € plus VAT.

Hybrid training

Start: 2026-09-21 | 10:00 am

End: 2026-09-24 | 04:00 pm

Location: Nürnberg

Price: 2.200,00 € plus VAT.

Presence training

Start: 2026-11-09 | 10:00 am

End: 2026-11-12 | 04:00 pm

Location: Berlin

Price: 2.200,00 € plus VAT.

Hybrid training

Start: 2026-11-23 | 10:00 am

End: 2026-11-26 | 04:00 pm

Location: Nürnberg

Price: 2.200,00 € plus VAT.


Agenda:

  • Introduction and fundamentals of IT security and legal framework
    • Motivation for information security and distinction from data protection
    • Definitions
      • (Types and importance of Information, security objectives, aspects of integrity, availability, confidentiality etc.)
    • IT compliance and IT governance
    • Legal regulations
      • (BSIG, IT-SiG etc.), standards and norms in Information Security

  • Standards and norms of information security
    • Overview, purpose and structure of relevant standards and guidelines (e.g. ISO 2700x etc.)
    • Cobit, ITIL etc.
    • IT-Grundschutz-Compendium
    • Industry-Specific Security Standards and IT-Grundschutz-Profiles

  • Introduction IT-Grundschutz
    • IT-Grundschutz-Components
    • Standards: 200-1 "Management Systems for Information Security" / 200-2 "IT-Grundschutz-Methodology" / 200-3 "Risk Analysis Based on IT-Grundschutz" / 100-4 "Emergency Management"
    • IT-Grundschutz-Compendium: Module Structure and Contents such as: APP, CON, DER, IND, INF, ISMS, NET, OPS, ORP and SYS
    • The security organization and responsibilities in the ISMS
    • Security process (Implementation of an ISMS as integrated management system)
    • Documentation in the security process (policy, guidelines, reference documents, concepts)
    • Roles, responsibility and tasks (policy, information security officers, ICS-information security officers, information management team, etc.)
    • Creating a Security Concept According to the Different Approaches of IT-Grundschutz:
      • Basic protection, standard protection, core protection

  • IT-Grundschutz-Approach (Overview)
    • Key questions for IT-Grundschutz-Protection
    • Basic requirements
    • Standard requirements
    • Requirements for elevated protection needs
    • Choice of approach using practical example

  • Compendium (Overview)
    • Structure and application of the compendium
    • ISMS (information security management system)
    • Process modules
    • System modules
    • Implementation guidelines

  • Implementation of the IT-Grundschutz-Approach
    • Defining the scope and information network
    • Structural analysis, creating simplified network plan, network plan survey
    • Capturing business processes and associated applications as well as IT systems, rooms
    • Protection requirement categories, approach and inheritance (maximum principle, distribution and cumulation effect)
    • Modeling an information network according to IT-Grundschutz
      • (approach, documentation, adapting requirements)

  • IT-Grundschutz-Check
    • What is being audited?
    • Preparation and execution
    • Documenting IT-Grundschutz-Check
    • Decision criteria
    • Example for documentation
    • Example for execution

  • Risk analysis according to 200-3
    • The elementary threats as well as other threat overviews
    • Approach for risk assessment and risk treatment
    • Example for risk assessment

  • Implementation plan
    • Developing and documenting measure plan
    • Determining implementation sequence and responsibility
    • Planning accompanying measures
    • Estimating efforts

  • Maintenance and continuous improvement
    • Key questions for review
    • Review procedures
    • Key performance indicators
    • Maturity models

  • Certification and acquisition of IT-Grundschutz-Certificate Based on ISO-27001
    • Types of audits e.g. process and product audit
    • Principles of auditing: 1st, 2nd and 3rd party auditors
    • Model of accreditation and certification
    • The BSI™ certification process
    • Tools and utilities for implementation of an ISMS

  • IT-Grundschutz-Profiles
    • Structure and creation of a profile
    • Application and usage possibilities of published profiles

  • Preparation of an audit
    • Planning and preparation
      • Roles, responsibilities, independence, audit plan, checklists, combination of audits, synergy effects
    • Audit process activities
      • Team assembly, document preparation, on-site audit planning, handling non-conformities
    • Reporting
      • Content and structure, approval and distribution, storage and confidentiality
    • Follow-up actions
      • Pre-Audit, Re-Audit, surveillance, corrective actions

  • Emergency management
    • Overview of BSI™ Standard 100-4
    • Emergency management process
      • initiate, analyze, implement, exercise, improve
    • Business impact analysis (BIA)
    • Managing emergencies (handling security incidents)
    • Developing an approach for security incidents and the reporting path

  • Summary and preparation for the examination

  • In total, this course comprises 19 theory units and 5 practice units



Objectives:

The seminar SC550 BSI™ IT-Grundschutz Practitioner provides you with a comprehensive overview of the contents and implementation of the BSI™ IT-Grundschutz methodology. Through case studies and practical exercises, you will learn the approach to applying IT-Grundschutz. The training covers BSI™ standards and the IT-Grundschutz methodology. The focus is on the targeted creation of security concepts according to BSI™ IT-Grundschutz: security and reliability when processing data and information are prerequisites for maintaining the competitiveness of your company or the functionality of your authority. The training also reinforces your knowledge of Cyber Security.

As a registered training company in the Cybersecurity Network, qSkills™ offers participants the opportunity to combine the basic training with the examination at the same training location. Participants who pass the IT-Grundschutz Practitioner exam are eligible to attend the IT-Grundschutz Advanced Training to become an IT-Grundschutz Consultant.

Note: Unlike the IT-Grundschutz Consultant exam (SC560), the IT-Grundschutz Practitioner exam takes place directly on the fourth day of training at qSkills™ on-site.

Target audience:

The course SC550 BSI™ IT-Grundschutz Practitioner is specifically designed for participants who already possess knowledge and practical experience in the field of Cyber Security. Job titles include:

  • Prospective Information Security Officers
  • Data Security Officers
  • Data Protection Officers
  • IT Managers / IT Administrators
  • Those responsible for Information Security
  • Those responsible for Risk Management
  • Those responsible for Business Continuity Management
  • Those responsible for Audit and IT Audit
  • Security Managers
  • Executives / Project Managers

Prerequisites:

To effectively follow the content and pace of the course, basic knowledge in IT security or information security is required.

Description:

The Federal Office for Information Security (BSI™) is responsible for IT security matters. To strengthen the reactive offering in the field of Cyber Security or IT security, the Cyber Security Network (CSN) was established as a contact point for incident handling. This voluntary association of qualified IT security experts aims to detect and analyze IT security incidents more quickly, limit the extent of damage, and prevent further harm.

The workshop SC550 BSI™ IT-Grundschutz Practitioner meets the curriculum and qualification requirements of the Federal Office for Information Security (BSI™) and enables you to assume the responsibilities of an IT Security Officer (ITSiBe) or Information Security Officer (ISB). The focus is on imparting the necessary expertise in the field of information security and establishing an Information Security Management System (ISMS). You will learn to support management in fulfilling their duties to ensure an adequate level of information security, determine appropriate measures for your security concept, and identify the specific protection needs of your information, applications, and IT systems.

The seminar is the entry point into the official BSI™ certification program and corresponds to the IT-Grundschutz basic training. Participants who pass the IT-Grundschutz Practitioner exam are eligible to attend the IT-Grundschutz advanced training to become an IT-Grundschutz Consultant.

Guaranteed implementation:

from 2 Attendees

Booking information

Price:

2.200,00 € plus VAT.

(including lunch & drinks)

Exam (Optional):

100,00 € plus VAT.
