+ISMS.1.A10 Drawing Up a Security Concept (S)

1. Overview

ISMS.1.A10 Drawing Up a Security Concept (S)

For the specified scope (the information domain), an adequate security concept SHOULD be
drawn up as the central document in the security process. It SHOULD also be decided whether
the security concept can also consist of several sub-concepts that are drawn up successively to
establish the required level of security in selected areas first.
In the security concept, specific security safeguards appropriate for the information domain
under consideration MUST be derived from the security objectives of the organisation in
question, the protection needs identified, and the risk evaluation conducted. The security
process and the security concept MUST take the individually applicable regulations and
provisions into account.
The safeguards provided in the security concept MUST be implemented promptly in practice.
Their implementation MUST be planned and monitored.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

ITGC -
Bundesamt für Sicherheiter in der Informationstechnik - IT-Grundschutzkompendium Stand 2022