Best Practices - The Only Thing Worse Than Compliance - Rafal Los - Following the Wh1t3 Rabbit
This is a really good post on best practices and how they're implemented within organizations. Best practices remind me of the gaming term, "cookie-cutter spec." In some video games you get these things called talent points that you can put into different spells to improve them. You're only given so many points to use on skills, so you have to place them in a way that maximizes your character. A cookie-cutter spec is a talent point set or build that has been proven to work for a majority of people playing that character based on statistical data.
The thing is, not everyone plays the character the exact same way so it's important that you take the base of the build and modify it to your play style. The same thing applies to organizations when it comes to information security or any IT best practices for that matter. Take the core best practices and then modify the rest to fit your organization.
This post first appeared on Exploring Information Security.