As an increasing number of industries and organizations have begun to fully recognize the cybersecurity crisis, they have issued a variety of standards, guidelines and road maps designed to help organizations prevent data breaches. While well-intentioned, these standards are numerous and sometimes overlap, which can be quite confusing to the organizations that need them the most.
In my experience, organizations usually fit into one of two categories with regard to their adherence to standards. Many organizations, either through blind ignorance or willful neglect, ignore all standards and guidelines and just do their own thing. If you are responsible for security or IT in such an organization, I suggest you stop reading this now, pick an appropriate standard and begin applying it to your business. When finished, come back and read the balance of this article.