Quiz Entry - updated: 2026.06.04
How is a real-world municipal InfoSec policy structured (example: Stadt Ettlingen)?
Eleven sections: from Vorwort and Zweck through scope, core statement, vision, principles, and responsibilities to violations, the IS organization, and enactment.
The table of contents:
- Vorwort (foreword)
- Zweck (purpose)
- Kontext (context)
- Geltungsbereich (scope)
- Kernaussage (core statement)
- Vision
- Grundsatzaussagen (principle statements)
- Verantwortlichkeiten (responsibilities)
- Verstöße (violations)
- Informationssicherheitsorganisation (the IS organization)
- Inkrafttreten (entry into force)
Notice how this instantiates the theory: the minimum quartet (scope, objectives/vision, organization, strategy/principles) is all present, plus two practice-hardened additions — Verstöße (without defined consequences, rules are suggestions) and a formal Inkrafttreten (the enactment that makes it binding).
Tip: Real policies are short — this entire structure fits in ~9 pages. Length is not authority; signature and clarity are.