Chapter 5. Security Audit Strategies and Tactics
‘In military operations, what is valued is foiling the opponent’s strategy, not pitched battle.’
The previous chapters put heavy emphasis on governance, management and policy issues in relation to assessing information security. They are also heavily centred on the issues of strategic significance. It is time to pull up the sleeves and dive into the realm of tactics. Inevitably, this means that the upcoming discourse will have to be more technically inclined. However, as stated in this book’s preface, providing detailed checklists or hands-on testing manuals is not the intended goal. We are not competing with, for example, OSSTMM (Open Source Security Testing Methodology Manual), not ...