The Three Pillars of the Three Computer Security Pillars
Much of the world, or at least the United States, is coalescing around the NIST Cybersecurity Framework. It’s a pretty good one to follow out of the many dozens that have been proposed over the decades. My only major problem is that it doesn’t tell you which controls matter more than others. For example, since social engineering and phishing account for 70% to 90% of all malicious breaches and unpatched software accounts for 20% to 40% of attacks, I wish the framework’s recommendations spent far more time on those two issues and related controls.