Cybersecurity from Europe: sovereign, secure, scalable with Myra. Learn more!
Home>
ISO 27001 vs. ISO 27001 based on IT-Grundschutz
At one
look
look
- 01. What is an ISMS and why is it important?
- 02. What is included in ISO 27001 and ISO 27001 based on IT-Grundschutz?
- 03. What do ISO 27001 and ISO 27001 based on IT-Grundschutz have in common?
- 04. What are the differences between ISO 27001 and ISO 27001 based on IT-Grundschutz?
- 05. What are the advantages of a service provider certified according to ISO 27001 based on IT-Grundschutz?
- 06. Myra is certified according to ISO 27001 based on IT-Grundschutz
03
What do ISO 27001 and ISO 27001 based on IT-Grundschutz have in common?
Both ISO 27001 and ISO 27001 based on IT-Grundschutz are intended to increase general IT security in companies. Both standards represent a high, officially recognized level of security and are considered equivalent in this respect. An ISMS operated in accordance with ISO 27001 and/or ISO 27001 based on IT-Grundschutz makes it possible to identify potential risks at an early stage and minimize them by means of tailor-made countermeasures. This enables companies to ensure the confidentiality, availability, and integrity of any and all information.
04
What are the differences between ISO 27001 and ISO 27001 based on IT-Grundschutz?
The biggest differences between ISO 27001 and ISO 27001 based on IT-Grundschutz are in the approach and methodology as well as the scope of implementation.
ISO 27001 takes a generic, process-oriented approach and provides only abstract general conditions and requirements. Although this gives companies leeway to implement and design their ISMS individually, it requires a considerable degree of initiative and expertise. It always starts with a complete risk analysis, which involves a great deal of effort and includes the potential for errors. Based on this analysis, companies must then develop and implement suitable procedures and security measures on their own.
On approx. 30 pages, the international standard describes the ISMS with conceptual requirements for the organization, processes, and documents. Annex A lists 93 controls and their objectives for infrastructure, technology, processes, and documents. Best practice recommendations and guidelines for their practical implementation are included in ISO 27002.
ISO 27001 based on IT-Grundschutz is compatible with ISO 27001 and complements it. The requirements are stricter and much more comprehensive, which means more effort is required for implementation. However, ISO 27001 based on IT-Grundschutz takes users by the hand with its measures-based approach. The BSI standards and the IT-Grundschutz Compendium, which is based on a modular principle, provide more than a thousand pages of specific procedures, recommendations, and descriptions of measures with instructions for implementing them. However, companies only need to include and apply the modules whose components they actually use. Clear guidelines effectively rule out errors during implementation.
Another difference and benefit of ISO 27001 based on IT-Grundschutz over ISO 27001 is that no separate risk analysis has to be done for normal protection needs. The BSI has already defined suitable countermeasures for typical threats to business IT, saving companies from having to perform time-consuming analyses and develop their own appropriate security measures. Only in the case of an increased need for protection is a supplementary security and risk analysis required.
ISO/IEC 27001
Complete risk analysis required
Complete risk analysis required
> 30-page standard, Approx. 90 pages describing measures
General requirements and abstract general conditions
A lot of individual initiative needed to develop appropriate measures
Top-down method
ISO 27001 based on IT-Grundschutz
Measures-oriented approach
No risk analysis (only required in the case of increased protection needs)
> 800-page IT-Grundschutz Compendium, Approx. 800 pages describing measures
Specific requirements and implementation aids
Close guidance based on clear guidelines
Bottom-up method
IT Security Solutions by Myra
DDoS Protection
Myra DDoS Protection provides you with fully automatic protection against malicious requests and overload attacks. Even in the event of an imminent attack, your web applications stay available at all times.
Hyperscale WAF
The Myra Hyperscale WAF protects your web applications against malicious access and vulnerability exploits. Thanks to simple integration and configuration, it can be set up in no time at all.
CDN
First-class user experience thanks to fast page loading and minimal latency: With the Myra High Performance CDN, all static and dynamic content on your website is delivered with high performance.
Secure DNS
Myra Secure DNS offers you a reliable and powerful solution for securing your critical web applications. Manage your name resolution with ease and protect yourself against DNS hijacking.
Deep Bot Management
Say goodbye to malicious bots forever. Myra Deep Bot Management creates unique fingerprints for each bot and thus enables an optimal response to every request.
Certificate Management
No more problems with expired SSL/TLS certificates. Increase the security of your digital assets with Myra Certificate Management and encrypt all your domains automatically.
Want to learn more about our solutions, use cases and best practices for attack defense? In our download area you will find product sheets, fact sheets, white papers and case studies.
About the author
Björn Greif
Senior Editor
About the author
Björn started his career as an editor at the IT news portal ZDNet in 2006. 10 years and exactly 12,693 articles later, he joined the German start-up Cliqz to campaign for more privacy and data protection on the web. It was then only a small step from data protection to IT security: Björn has been writing about the latest trends and developments in the world of cybersecurity at Myra since 2020.