I have 10 topics that I need some content for, on what is best practice for a software developer company (with a staff of 50-100):
1. Best practice for "security organization and governance structure"
2. Best way to comply with General Data Protection Requirements (GDPR)
3. Best way to "identify and manage the information security vulnerabilities in your IT systems, including change management processes".
4. Best way to "information security monitoring and threat detection capability including the technology and processes in place to detect security events".
5. Best way to "periodic security testing and assurance activities undertaken. E.g., penetration testing, vulnerability scanning, audit processes, IT risk management capabilities, methodologies and processes"
6. Best way to "secure applications through the system development lifecycle including how you develop and test changes to applications"
7. Best way to "access to systems and information is authorised, granted, managed and revoked. This should include physical access to facilities where applicable"
8. Best way to "manage cyber risk in the supply chain (this should take account of any cloud computing providers) including how suppliers maintain a high level of IT security".
9. Best recommendation of "frequency employees and contractors are made aware of their responsibilities with regards to information security and the handling of Information"
10. Best way to "capability and processes you have in place to respond to and recover from cyber security events"