HiScout Basic Protection
IT-Basic Protection-Tool and Risk Analysis in Accordance with BSI 200-1, 200-2 and 200-3
The HiScout Basic Protection module fully complies with procedures in the BSI standards 200-1, 200-2 and 200-3. The market-forming basic protection tool for federal authorities, state administrations and operators of critical infrastructures (KRITIS) aligns exactly with the BSI procedures. Therefore, it easily records existing data from other tools – such as GSTOOL. Users are safely guided through all phases of the implementation of basic protection – from defining the information network, to the submission of the certification documents. Elements such as components, threats, measures and processes can be easily adapted to your own basic protection procedures, without having to do any sort of programming.
HiScout Basic Protection based standard solutions are available to the federal authorities via HiScout’s standard solution ZeDIS. This is provided as a Service Solution (SaaS) via the Federal Information Technology Centre (ITZBund).
Get to know more about HiScout Basic Protection in the Webinar
Newsletter
Exciting news and interesting facts on HiScout products and topics
Sign up for NewsletterImportant Dates
Important industry events, HiScout webinars and online seminars at a glance
To OverviewMagazine
Read all our HiScout articles, publications and press releases
(available only in German language)
Step-by-step to certified IT-Basic Protection
-
Hierarchical information networks and security concepts
First of all, all the components which are relevant to the IT-basic protection of the information networks such as processes, applications, IT systems, industrial control systems networks, locations and generic aspects, are defined. The networks can be arranged and evaluated hierarchically. Each level can represent a different issue e.g. processes and procedures, security concepts and organisational structures. Each hierarchy can be evaluated separately, e.g. in order to create an overview of all security concepts at the Berlin site.
-
Structural analysis with centralised and decentralised target objects
In the structural analysis, all components of the information networks and processes, as well as security concepts are recorded and linked in their mutual dependencies. Assets or complete networks can be made available as a service or basic service in large organisations with distributed working. Sub-organisations can book these services, link them to their own security concept and use them as an own target object, with the stored level of protection. The responsibility for the basic protection check- and risk analysis lies with the provider; redundancies in security concepts are avoided.
-
Assessment of protection requirements with automatic inheritance
HiScout focuses on the information to be protected and inherits the identified protection requirements alongside the IT structure, in accordance with the individual target objects. It thereby considers the individual target objects that observe the cumulative effects which occur.
The mandatory protection requirements are compared to the agreed protection in case of offered or purchased services, in order to disclose any gaps in the protection coverage. Inheritance paths and origin are displayed transparently for each target object.
Protection requirements, protection requirement classes, damage scenarios and other parameters can be individually customised. -
Automatic modelling in accordance with IT-Basic Protection
Relevant security requirements of the target objects are determined during modelling. This is required in order to evaluate the security of existing processes as well as those in the planning stage. BSI Basic Protection Compendiums and individual components can be maintained and modelled in HiScout Basic Protection. You can also store your own standard modellings for freely-definable target object types and automatically apply them.
-
Basic Protection check with the Questionnaire function
The individual security requirements of the basic protection components are automatically taken over. A tabular overview with graphical display shows the progress of the basic protection, core protection and standard protection and provides a quick overview of all modelled requirements of the basic protection compendium. Existing basic protection checks are integrated automatically or manually, as required. The implementation status for requirements, target object and network are clearly documented in a reporting.
-
Risk analysis with action plan
The HiScout risk analysis is carried out in three steps – risk overview, risk classification and risk treatment. The threats can be taken from the existing components and be enhanced manually. Using a risk matrix, the gross and net risk per hazard is automatically calculated based on the frequency of occurrence and impact. The evaluation levels and the resulting risk classes can be freely adapted to the requirements of the respective organisation. The implementation status of the measures is displayed transparently in the target objects and can be incorporated into the risk assessment. The measures are transferred to the basic protection check after the approval of the risk action plan. Risk analyses, which are no longer valid, are archived for future checks. The HiScout risk analyses fulfils the requirements for BSI standards 200-3 and 100-3, including suggested measures based on the cross-reference tables for the IT-Basic Protection Compendium.
-
Certifiable reference reports
The reference documents A1-A6, based on BSI standard 200-2, are created at the touch of a button and are immediately available for download. All reports can be customised according to individual specifications and company design if Customizing has been commissioned. The HiScout live reports are automatically displayed and updated.
A data pool for basic protection, data protection and risk management
The HiScout Data Protection can be extended to an integrated management system with a common database. A beautiful example of the interaction of the HiScout Basic Protection, HiScout Data Protection, HiScout ISM und HiScout BCM modules: the basic protector becomes active and surveys the processes as well as the required applications. The Emergency Manager is delighted with the collected data and uses it for the Business Impact Analysis. Meanwhile, in the directory of the processing activities, the data protector uses the currently maintained master data to record what data is processed by which application. The basic data protector can incorporate this information into its process analysis to assess the protection requirements.
HiScout technology can be upgraded and is future-proof
The HiScout GRC software is a browser-based multi-user application, which does not require any installation on the client-side. 100% of the development and support are carried out in Germany. The data model and user interfaces of the HiScout platform can be upgraded and expanded at any time without requiring programming skills, in order to realize individual requirements of our clients. We are in regular dialog with our user groups and stakeholder forums, and jointly align our development goals with practical needs and future requirements. HiScout Data Protection can be combined with other HiScout add-ons such as HiScout Questionnaire, HiScout Business Logic Engine, HiScout DataExchange and HiScout DocGen to include customized processes, questionnaires, workflows, reports and database connections.
Product data sheet
Find all essential information on the HiScout Basic Protection module here.
Request Now!Synergies
A software for different management systems which saves time and effort.
Work more efficiently