The Federal Office for Information Security (BSI) has been offering information and assistance on all aspects of IT security for many years. The BSI’s IT-Grundschutz has become the most comprehensive standard work on IT security. It is used by numerous companies and public bodies as the basis on which to build their own catalogues of measures. In line with developments in information technology, the IT-Grundschutz has become more complex and wider-ranging. Hence, small and medium-sized organisations, with limited financial and personnel resources, especially need an introduction to the subject that is easy and fast to implement. These guidelines are intended to satisfy this need, providing a compact overview of the most important IT security measures that is intelligible to the non-expert. The focus is on organisational safeguards and on illustrating threats through practical examples. Technical details have deliberately been avoided. In short, anyone who consequentently implements the recommendations made in these guidelines or who uses them to draw up service contracts with IT service providers is already building a solid foundation for a sound level of IT security.