LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

How does the Informationssicherheitsstrategie cascade down into operational artifacts?

Strategy at the top funnels through the policy and the management process into four parallel operational streams: concepts, rules, work instructions, and trainings.

The cascade:

  1. Informationssicherheitsstrategie — the overarching frame
  2. Informationssicherheitspolitik bzw. -leitfaden — the policy/guiding document deriving from it
  3. Informationssicherheitsmanagementprozess inkl. "Security Awareness" — the running management process; note that awareness is built into the process, not an afterthought
  4. Operational layer (in parallel):
    • Konzepte (concepts — e.g. backup concept, virus protection concept)
    • Regelungen und Richtlinien (rules and directives)
    • Arbeitsanweisungen und Checklisten (work instructions and checklists)
    • Schulungen und Trainings

The insight: documents alone change nothing — the funnel deliberately ends in four streams, two of which (instructions/checklists and trainings) target human behavior. A strategy that produces only paper has only half-cascaded.

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jun 04, 2026