CHAPTER 2: SECURITY AUDITING, GOVERNANCE, POLICIES AND COMPLIANCE
‘. . . in strategy everything is very simple, but not on that account very easy.’ – Carl von Clausewitz
In the previous chapter we emphasised that the most dangerous flaws are the flaws of security strategy. We have also discussed a few examples of such flaws. Strategic failures generate chain reactions of secondary and collateral shortcomings, many of which eventually become exploitable vulnerabilities – technical, process and human. This is common sense that applies to numerous fields of expertise:
- ‘When your strategy is deep and far reaching, then what you gain by your calculations is much, so you can win before you even fight. When your strategic thinking is shallow and near-sighted, ...