LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is the absolute minimum an Enterprise IS Policy (Leitlinie zur Informationssicherheit) must contain?

Four elements: Geltungsbereich, Sicherheitsziele, Organisationsstruktur, and Sicherheitsstrategie.

Even the smallest viable policy ("Leitlinie zur Informationssicherheit") must answer four questions:

  1. Geltungsbereich (scope) — for whom and what does this apply?
  2. Sicherheitsziele (security objectives) — what are we protecting, and to what level? (the CIA goals in business terms)
  3. Organisationsstruktur (organizational structure) — who is responsible? (CISO, roles, reporting lines)
  4. Sicherheitsstrategie (security strategy) — by what approach do we reach the objectives?

Why this minimal set: strip any one away and the document stops functioning — without scope nobody knows if it applies to them; without objectives there is nothing to verify against; without organization nobody owns it; without strategy it's a wish list.

Tip: Useful as a review checklist: when handed any organization's security policy, check these four first. Many real-world policies are pages of prose that still fail to answer one of them.

Go deeper:

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jul 05, 2026