After 25 years ..
..in IT, 20 in security, I know how this will go....
This [guidance] is targeted at SMEs and bigger companies alike, including large sections in simple words for executives and non-technical managers to digest.
The only thing that will start to improve the generally disastrous state of security (on the UK and beyond) will be jail time for Directors who pay lip service to the vital importance of security and safeguarding their customers data, etc, whilst leaving one person twisting in the wind trying to cover the jobs of six after the other five did the sensible thing and bailed out, for _18 months_ . Oh, and this wasn't a paperclip maker or a small chain of estate agents -- it was a systemically important multinational financial services firm with sites in a couple of dozen countries, on the 5-10k employees and turnover in the billions, range.
No, I'm not bitter, but if anyone's looking to hire an over-ambitious DIYer in their 50s as an apprentice chippie, do give me a shout.