Chapter 3. Security Assessments Classification
‘If tactical facts in one case are entirely different from those in another, then the strategic must be so also, if they are to continue consistent and reasonable.’
|--Carl von Clausewitz
In theory, everything must be thoroughly assessed and verified to eliminate all kinds of security vulnerabilities and gaps. In the real world, however, there are limitations imposed by both budget and time. Because of these restrictions, the most critical areas must be identified to be audited first. Or, unfortunately, to be the only areas where information security state is going to be assessed for the foreseeable future. Making a correct, well-informed decision concerning the needed information security audits ...