CHAPTER 3: SECURITY ASSESSMENTS CLASSIFICATION

If tactical facts in one case are entirely different from those in another, then the strategic must be so also, if they are to continue consistent and reasonable.’ – Carl von Clausewitz

In theory, everything must be thoroughly assessed and verified to eliminate all kinds of security vulnerabilities and gaps. In the real world, however, there are limitations imposed by both budget and time. Because of these restrictions, the most critical areas must be identified to be audited first. Or, unfortunately, to be the only areas where the state of information security is to be assessed for the foreseeable future. Making a correct, well-informed decision concerning the necessary information security audit’s ...

Get Assessing Information Security: Strategies, tactics, logic and framework now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.