What is required of an officer is a certain power of discrimination, which only knowledge of men and things and good judgement can give. The law of probability must be his guide.’ Carl von Clausewitz

Discovering and evaluating vulnerabilities and gaps without the thorough analysis of risks they introduce is as good as doing recon without using its results. In fact, for the risk analysis phase all previous security audit stages are nothing more than the necessary reconnaissance. One of the fundamental principles of chapter 1 states that ‘information security assessment always operates with probabilities’. Gauging these probabilities is a fine science and art that has to be fully mastered by at least ...

Get Assessing Information Security: Strategies, tactics, logic and framework now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.