CHAPTER 3: SECURITY ASSESSMENTS CLASSIFICATION

If tactical facts in one case are entirely different from those in another, then the strategic must be so also, if they are to continue consistent and reasonable.’ – Carl von Clausewitz

In theory, everything must be thoroughly assessed and verified to eliminate all kinds of security vulnerabilities and gaps. In the real world, however, there are limitations imposed by both budget and time. Because of these restrictions, the most critical areas must be identified to be audited first. Or, unfortunately, to be the only areas where the state of information security is to be assessed for the foreseeable future. Making a correct, well-informed decision concerning the necessary information security audit’s ...

Get Assessing Information Security: Strategies, tactics, logic and framework now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.