Chapter 8. Reviewing Security Assessment Failures and Auditor Management Strategies


‘The essence of strategy is not to carry out a brilliant plan that proceeds in steps; it is to put yourself in situations where you have more options than the enemy does.’

 --Robert Greene

Even if you studied and comprehended everything said in this and other relevant sources on information security auditing, everything can still go blatantly wrong. There are always some inevitable influences of chance, human error, technical fault and environmental pressures. Because of the latter, quite often both the auditee and the auditors have to make important decisions on the basis of insufficient information and in a very limited timeframe. This might lead to a variety ...

Get Assessing Information Security: Strategies, tactics, logic and framework now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.