Assessing Information Security is a book about the philosophy, strategy and tactics of soliciting, managing and conducting information security audits of all flavours. It is often controversial and is written to be so. When we throw criticism at others, we expect to be criticised ourselves. It contains a lot of what you can rightfully label as ‘common sense’. However, this ‘common sense’ is frequently ignored or overlooked, leading to disastrous consequences. Thus, it must be reiterated and reinforced, sometimes from an unexpected angle or viewpoint. On the other hand, there is hope that some of the statements and issues presented in this book, will at least be challenging and thought-provoking. When compiling various references and assembling ...