Providing security is one of the most basic functions of government, arguably the most basic function. In the realm of information security, governments provide three distinct basic security functions:
First, government agencies establish rules, such as compliance standards, that firms and other organizations with IT operations must adhere to. Second, government carries out law enforcement operations against cybercriminals. Third – distinct from these, but often related to them – government must protect the security of its own data.
Indeed, all of these functions can interact in various ways. For example, government agencies' efforts to define best practices for their own data security procedures may be promulgated as compliance standards. Even if not written into law, best practices identified by government agencies may go on to be accepted by industry.