LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

In which chronological order are the ISMS documents produced and rolled out?

From general to specific: InfoSec Policy → issue-specific policies → system-specific policies → guidelines — finished by formal approval and communication.

  1. InfoSec Policy — the top-level policy setting direction and tone
  2. Issue-specific Security Policies — positions on individual topics (e-mail use, cyber crime, fire…)
  3. System-specific Security Policies — configuration/operating rules for individual systems
  4. Guidelines — practical aids for users and admins
  5. Freigabe / Kommunikation — formal approval (signature!) and communication to the workforce

The cascade ensures consistency: each lower level concretizes the one above and must not contradict it.

Tip: The last step is the most-skipped one — a policy that was never formally approved has no binding force, and one that was never communicated cannot be enforced ("unknown rules bind no one"). Approval + communication is what turns text into a control.

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jun 04, 2026