Navigation and service

Advanced Protection

A professional approach to cyber security for SMEs

This website provides information for visitors who already have a certain level of expertise in information technology (IT), information security, and cyber security and either have employees working in an IT unit or have outsourced IT activities to an IT service provider.

The following presents a brief summary of the most useful tips and guidance for SMEs from the comprehensive information resources provided by the BSI.

Utilise IT-Grundschutz

In Germany IT-Grundschutz (IT baseline security) is the benchmark for the protection of information and setting up an information security management system (ISMS). With an ISO 27001 certificate based on IT-Grundschutz, an organisation can provide proof that the measures it has introduced for information security fulfil recognised international standards.

Das IT-Grundschutz-Kompendium und die IT-Grundschutz-Profile tare especially suitable for establishing an ISMS in small and medium-sized enterprises (SMEs) that maintain an in-house IT department. Basic protection according to IT-Grundschutz is considered essential for ensuring professional protection of a company, its customer base, and its business partners, and is therefore the minimum level to strive towards. For micro and small enterprises (MSEs), setting up and operating a full ISMS according to IT-Grundschutz is typically not appropriate

Companies or government agencies can create IT-Grundschutz profiles for specific use cases and then provide them to other interested parties. Users who have similar security requirements can use these templates to review their security level without committing resources or to start developing an information security management system (ISMS) in accordance with IT-Grundschutz. An IT-Grundschutz profile documents the individual steps in a security process for a defined application scenario. A wide range of IT-Grundschutz profiles are available from the BSI.

Broschüre "Informationssicherheit mit System - Der IT-Grundschutz des BSI"

Find a certified consultant or qualified service provider

To support the implementation of cyber security measures, the BSI can provide details on qualified service providers and certified individuals.

IT-Grundschutz consultants certified by the BSI can advise and assist SMEs in the following kinds of projects:

  • Rolling out an information security management system (ISMS)
  • Developing security models
  • Defining and implementing suitable measures
  • Obtaining expert support during the introduction of processes. An IT-Grundschutz consultant can also provide support during preparations for an ISO 27001 audit based on IT-Grundschutz.

All IT-Grundschutz consultants are listed in a table.

In the case of cyber attacks, the involvement of a qualified service provider can be useful in terms of both preventing and dealing with actual security incidents. The BSI also provides lists of service providers that are able to help counter DDoS and APT attacks.

Dealing with a IT security incident

Are you dealing with an IT security incident and need information right away?

Do you want to submit a voluntary or mandatory IT security incident report?

Do you want to find out more about IT security measures?

The document Ransomware: Erste Hilfe bei einem schweren IT-Sicherheitsvorfall Version 1.2 provides a set of ‘first aid’ measures to take in the event of a serious IT security incident.

The Maßnahmenkatalog Ransomware is designed to counter a potential ransomware attack and also provides a list of necessary preventive measures.

The executive summary Ransomware: Managementabstract Fortschrittliche Angriffe reports on new aspects seen in recent attacks.

The IT Emergency Sign

Based on the familiar ‘In the event of fire’ posters, the IT Emergency Sign (‘In the event of an IT emergency’) is a new sign that gives employees a quick overview of the most important immediate actions to take, plus IT emergency contact information.


IT Emergency Sign – your introduction to IT business continuity management