If information is intended to be free, why isn't this stuff more widely communicated to the non-security folk out there? Anyone would think we're trying to keep this stuff to ourselves in an effort to prop up our industry.
For example, there is no wikipedia entry on "best practise information security".
So my question is - what sources do YOU consider to be definitive when it comes to information security "best practise"?
I'll get the ball rolling with a few:
- Standards (ISO/AS/NZ),