A prescriptive set of rules designed to meet specific security goals. List AUP Information Security Policy Business Continuity Plan Disaster Recovery IR policies Change Management Process SDLC