Quiz Entry - updated: 2026.06.04
How does the Informationssicherheitsstrategie cascade down into operational artifacts?
Strategy at the top funnels through the policy and the management process into four parallel operational streams: concepts, rules, work instructions, and trainings.
The cascade:
- Informationssicherheitsstrategie — the overarching frame
- Informationssicherheitspolitik bzw. -leitfaden — the policy/guiding document deriving from it
- Informationssicherheitsmanagementprozess inkl. "Security Awareness" — the running management process; note that awareness is built into the process, not an afterthought
- Operational layer (in parallel):
- Konzepte (concepts — e.g. backup concept, virus protection concept)
- Regelungen und Richtlinien (rules and directives)
- Arbeitsanweisungen und Checklisten (work instructions and checklists)
- Schulungen und Trainings
The insight: documents alone change nothing — the funnel deliberately ends in four streams, two of which (instructions/checklists and trainings) target human behavior. A strategy that produces only paper has only half-cascaded.