Measure: InformationSecurityGuidelines


Establishment of a guideline for information security. This guideline contains all relevant aspects about the company's information security aims and underlying processes. Thus the employees are aware of the importance of information security procedures and know how to behave to ensure information security.


The guideline(s) should contain information about the importance of information security, the security objectives, the most important aspects of the security strategy as well as the organisational structure established for information security. A clear scope must be defined. All employees must be informed about the guideline on information security. The guideline should regularly be updated.

Event type

Risk reduction mechanism

Threat Types

Action characteristics

event_ measures