Chapter 8. Reviewing Security Assessment Failures and Auditor Management Strategies
‘The essence of strategy is not to carry out a brilliant plan that proceeds in steps; it is to put yourself in situations where you have more options than the enemy does.’
Even if you studied and comprehended everything said in this and other relevant sources on information security auditing, everything can still go blatantly wrong. There are always some inevitable influences of chance, human error, technical fault and environmental pressures. Because of the latter, quite often both the auditee and the auditors have to make important decisions on the basis of insufficient information and in a very limited timeframe. This might lead to a variety ...