Chapter 2. Security Auditing, Governance, Policies and Compliance


‘... in strategy everything is very simple, but not on that account very easy.’

 --Carl von Clausewitz

In the previous chapter, we emphasised that the most dangerous flaws are the flaws of security strategy. We have also discussed a few examples of such flaws. Strategic failures generate chain reactions of secondary and collateral shortcomings, many of which eventually become exploitable vulnerabilities – technical, operational and human. This is common sense that applies to numerous fields of expertise:

  • When your strategy is deep and far reaching, then what you gain by your calculations is much, so you can win before you even fight. When your strategic thinking is shallow and near-sighted, ...

Get Assessing Information Security: Strategies, tactics, logic and framework now with O’Reilly online learning.