The InfoSec Blog

Security Posture Assessment resources

Posted by antonaylward

No, I don't think this is a good start.
Its ignores such fundamentals as policy, change management, awareness, management reporting, risk assessment and risk tolerance ...

And much like that.