LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

How is the ISMS document pyramid structured (in the awareness context)?

Policy → Technical Information Security Concept → Standards → Procedures, Guidelines & Implementation handbooks.

From top to bottom:

  1. Policy — the normative apex: management's commitment, goals, scope
  2. Technical Information Security Concept — how security is conceptually realized
  3. Standards — uniform, binding technical/methodical requirements
  4. Procedures, Guidelines & Implementation handbooks — the broad operational base: step-by-step instructions people actually work with

The awareness connection: the pyramid is also a communication map. Employees never read the policy — they encounter security through the bottom layer (procedures, handbooks, checklists). Awareness work translates the top of the pyramid into the language of the base: a policy clause ("information must be classified") only changes behavior once it exists as a one-pager ("how to label your documents — 3 steps").

Tip: Compare the variants you've seen: EISP/ISSP/SysSP/Guidelines (anglo-american) and Politik/Konzept/Regelwerk/Aufzeichnungen (German) — same cascade logic, different cuts. Recognize the pattern, not just one labeling.

From Quiz: ISM / The Human Factor — Security Awareness | Updated: Jun 04, 2026