Geben Sie Ihren Benutzernamen und Ihr Passwort ein.

Kennwort vergessen?

BSI 100-2 and the definition of an "Application"

Autor Nachricht
Verfasst am: 16. 01. 2017 [13:30]
OldShatterhand
Ardi Jürgens
Themenersteller
Dabei seit: 16.01.2017
Beiträge: 1
Hi guys,

Recently I've been looking into IT Grundshutz and have been reading up on the BSI 100-2 standard, specifically the definition of a security concept and structure analysis in subsection 4.2

There is one thing that puzzles me however and that is the definition of "Applications" (or "Anwendungen" as our benevolent BSI overlords might say). The subsection 4.2.2 tries to clarify the nature of the application, but I'm still left wondering, it seems that the definition of an "Application" might encompass a "procedure", "data medium", "document" etc.

Do you know of any public documents out there with additional information regarding documenting "Applications" in accordance with IT Grundschutz, in addition to the 100-2 document itself? Or can you list the things that might be considered an Application yourself?


Thank you in advance.




Verfasst am: 19. 01. 2017 [13:35]
sstrigunov
Stanislav Strigunov
Dabei seit: 09.09.2011
Beiträge: 60
Hello,

sorry but we have no other documents available.
Because a procedure can be defined as a subset of process, we also use the objects for applications in verinice for processes.

Within the BSI perspective there is no other alternative. In the ISM perspective, there are explicitly named objects „process“.

Best regards
verinice Team



English languageDeutsche Sprache
© SerNet GmbH, 2017