One of the standards we follow defines 11 areas, that affect information security in the organization:
security policy
information security organization
security of human resources
physical and environmental security
systems and networks management
access control
business continuity management
acquisition, development and maintenance of IT systems
information security incident management
compliance with legal requirements and own standards