• Acceptable use policy
• Clear desk and clear screen policy
• Information transfer policy
• Mobile Devices policy
• Teleworking policy
• Information transfer policy
• Malware protection policy
• Vulnerability management policy
• Communications security policy
• Privacy policy
• Supplier relationships policy
Examples of such topics include:
a) access control;
b) physical and environmental security;
c) asset management;
d) information transfer;
e) secure configuration and handling of user endpoint devices;
f) networking security;
g) information security incident management;
h) backup;
i) cryptography and key management;
j) information classification and handling;
k) management of technical vulnerabilities;
l) secure development.