The nice thing about standards is that you have so many to choose from. Furthermore, if you do not like any of them, you can just wait for next year’s model.

Andrew S. Tanenbaum, Computer Networks, Second edition 1989, p. 254

Standards and specifications are directives telling you what should be done, whilst guidelines and recommendations are informative, and tell you how you should go about it.

There are also so-called ‘good practice’ guides and documents, which, rather than being issued by a standards body, originate from an organisation that has a legitimate claim to be the main source of knowledge on matters pertaining to it. An example of this is the Information Security Forum’s Standard of Good Practice, which we ...

Get Cyber Security: A practitioner's guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.