ABSTRACT

Your company has made a commitment to security. It’s good for your business, your customers, your staff, your data, and your systems. Senior management is fully on board; you have a budget and are encouraged to spend it. You have spent long days (and some nights) ensuring that your documentation is completed, your patches and configurations are up to date, and you have staff in sufficient number, with sufficient skill sets, to assist you in the effort. Ah, life is good. But, wait (there is always a catch)! Senior management and the Board want you to answer a question (your heart is pounding …): “How confident are you that our security needs have been met? Or, more simply put, how sure are you that everything you’ve done makes us secure? Can we have some assurance?” Gulp …

According to the Merriam-Webster dictionary, assurance is “something that inspires, or tends to inspire, confidence.” In fact, confidence is given as a synonym for the word assurance. Merriam-Webster defines the word confidence as “the quality or state of being certain (i.e.