This document outlines key areas of focus for information security based on ISO 27002 standards and relevant NIST publications. It discusses 14 areas of focus including information security policy, HR security management, asset management, access control, cryptography, physical and environmental security, operations security, communications security, information systems acquisition and more. For each area it provides high-level goals and references relevant standards and guidelines.