Quiz Entry - updated: 2026.06.04
In which chronological order are the ISMS documents produced and rolled out?
From general to specific: InfoSec Policy → issue-specific policies → system-specific policies → guidelines — finished by formal approval and communication.
- InfoSec Policy — the top-level policy setting direction and tone
- Issue-specific Security Policies — positions on individual topics (e-mail use, cyber crime, fire…)
- System-specific Security Policies — configuration/operating rules for individual systems
- Guidelines — practical aids for users and admins
- Freigabe / Kommunikation — formal approval (signature!) and communication to the workforce
The cascade ensures consistency: each lower level concretizes the one above and must not contradict it.
Tip: The last step is the most-skipped one — a policy that was never formally approved has no binding force, and one that was never communicated cannot be enforced ("unknown rules bind no one"). Approval + communication is what turns text into a control.