LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

How is a real-world municipal InfoSec policy structured (example: Stadt Ettlingen)?

Eleven sections: from Vorwort and Zweck through scope, core statement, vision, principles, and responsibilities to violations, the IS organization, and enactment.

The table of contents:

  1. Vorwort (foreword)
  2. Zweck (purpose)
  3. Kontext (context)
  4. Geltungsbereich (scope)
  5. Kernaussage (core statement)
  6. Vision
  7. Grundsatzaussagen (principle statements)
  8. Verantwortlichkeiten (responsibilities)
  9. Verstöße (violations)
  10. Informationssicherheitsorganisation (the IS organization)
  11. Inkrafttreten (entry into force)

Notice how this instantiates the theory: the minimum quartet (scope, objectives/vision, organization, strategy/principles) is all present, plus two practice-hardened additions — Verstöße (without defined consequences, rules are suggestions) and a formal Inkrafttreten (the enactment that makes it binding).

Tip: Real policies are short — this entire structure fits in ~9 pages. Length is not authority; signature and clarity are.

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jun 04, 2026