CHAPTER 1: INFORMATION SECURITY AUDITING AND STRATEGY

We should base our decisions on awareness rather than on mechanical habit. That is, we act on a keen appreciation for the essential factors that make each situation unique instead of from conditioned response.’ – MCDP 1 Warfighting

Rephrasing Clausewitz, to produce a workable scheme for information security assessments is one of the tasks that are inherently simple, yet the simplest thing is difficult to implement. It is simple because the underlying logic is clear. It can be formulated in a minute. Here it comes from the (independent) auditor’s viewpoint:

  • Find out about the assessment’s goals and conditions.
  • Plan the appropriate actions.
  • Select the corresponding methodologies and tools. ...

Get Assessing Information Security: Strategies, tactics, logic and framework now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.