This is a collected list of security controls.

† = redirect is unsatisfactory

Heavily influenced by the ISO 27000 family, in particular ISO 27002's information security controls. Naturally also well-applicable to IT security. This list is organized by control categories (also referred to as 'themes'). There are also distinct control types (preventitive, detective, and corrective). Each control can also be rated on its ability to cover the CIA triad. Further there are 'security concepts', 'security domains', as well as 'operational capabilities' but those aren't covered here.

• Information security policy †
• Information transfer
• Access control
• Identity management
• Incident management
• Digital forensics procedures
• Business continuity plan
• Disaster recovery plan
• Business continuity and disaster recovery auditing
• Intellectual property protections
• Maintain legal, statutory, regulatory, and contractual requirements
• Privacy of PII
• Information security auditing

• Non-disclosure agreements