Quiz Entry - updated: 2026.06.04
Which documents make up the information security documentation family, from strategy down to log files?
Six layers: IS strategy, Enterprise IS Policy, issue-specific policies, system-specific policies, guidelines/one-pagers, and operational documentation.
- Strategie der Informationssicherheit — how security supports the business long-term
- Enterprise Information Security Policy — goals, organization, approach (Ziele, Organisation, Vorgehen)
- Issue Specific Security Policy — per topic, e.g. cyber crime, fire
- System Specific Security Policy — per system class, e.g. data center, network, end devices
- Guidelines, OnePagers etc. — user directives, evacuation plan, backup rules, password rules, checklists
- Dokumentation — network plans, protocols, log files
The pattern: each level gets more concrete and changes more frequently. The strategy changes with the business (years); guidelines change with technology (months); log files are produced continuously.
Tip: Level 6 is evidence, not rules — documentation proves the upper levels are lived. Auditors read policies, then ask for the logs.