Writing good ad-hoc security assessments – Part 1

I’ve seen a lot of attempts over the years at technical security assessments (TSAs, as good as any other term to describe them), both more GRC-oriented and technically-focused.

I’ve not yet seen a TSA that fits the bill fully, so in this post I’m setting out some ideas on what makes a good assessment and when it should be used.

Continue reading “Writing good ad-hoc security assessments – Part 1”