With the BSI Standard 200-3 the BSI provides an easy to apply and recognized procedure which allows organisations the adequate and targeted control of their information security risks. The procedure is based on the elementary threats described in the IT-Grundschutz Compendium on the basis of which also the IT-Grundschutz-modules were drawn up.