Over the last 12 months, I have spent a lot of time looking at different cyber security standards, frameworks and sector requirements. The more you look, the more one thing becomes obvious: Australian businesses are not short on guidance. They are drowning in it. There is ISO/IEC 27001 , still one of the best-known information security management system standards. There is the ASD’s Essential Eight and the ASD’s Information Security Manual (ISM) . There is CIRMP for critica