Stepping on the cracks

Anyone seeking information security standards or guidance is spoilt for choice, e.g.:

* ISO27k - produced by a large international committee of subject matter experts and national representatives
* NIST SP 800 series – well researched, well written, actively maintained ... and FREE!
* IT Grundschutz - a typically thorough Germanic approach, to the point of absurdity (4,800 pages! It's encyclopaedic!)
* CSA - cloud security guidance is their home turf
* COBIT - takes a deliberately different perspective on 'risk' and 'control'
* Secure application development standards such as those from OWASP
* IT standards and methods as a whole: relevant because IT or cyber security is clearly a big part of information security
* HR, physical security, privacy and business continuity standards and methods as a whole: filling-in the substantial gaps in IT or cyber security
* Risk management standards, the best of which at least mention the im...