Language switcher

You are here

Three-level IT Baseline Security System ISKE

The goal of implementing ISKE is to ensure a security level sufficient for the data processed in IT systems. The necessary security level is achieved by implementing the standard organisational, infrastructural/physical and technical security measures.

It is an information security standard that is developed for the Estonian public sector. According to Government Regulation no. 273 of 12 August 2004, ISKE is compulsory for state and local government organisations who handle databases/registers. The first version of the ISKE implementation manual was completed by October 2003.

The preparation and development of ISKE is based on a German information security standard – IT Baseline Protection Manual (IT-Grundschutz in German) – which has been adapted to suit the Estonian situation.

A three-level baseline system means three different sets of security measures for three different security requirements have been developed (different databases and information systems may have different security levels).

Simplified process for the implementation of ISKE

  • Mapping databases.
  • Mapping information systems and other information assets.
  • Identifying links between databases, information systems and other information assets.
  • Identifying the required security class and level for databases.
  • Identifying the required security class and level for information systems and other information assets.
  • Identifying the typical modules, which comply with information systems, and other information assets.
  • Identifying the required security measures for information systems and other information assets.

Information security is an ongoing process, which is aimed at ensuring the confidentiality, integrity and availability of data and assets. The goal is to find a balance between these three components.

The portal of ISKE

Last modified: 07.09.2018

Did you get the answer to your question?


We thank you for your feedback.