Preface -- About the Authors -- Contents -- Introduction -- Chapter 1: Information Security Auditing and Strategy -- To do or not to do? -- On monetary contemplations -- The fundamentals -- On aggressive defence -- On counteroffensive -- On the conditions of success -- Chapter 2: Security Auditing, Governance, Policies and Compliance -- On evaluating the top-down approach -- When things go bottom-up -- On analysing ISMS strategies and flows -- On security assessments and security policies -- On security assessments and compliance -- Chapter 3: Security Assessments Classification -- On broad categories of security audits -- On technical information security assessments -- On non-technical information security audits -- Chapter 4: Advanced Pre-Assessment Planning -- On pre-audit gap analysis -- On auditing the auditors -- On arranging the audit process -- Chapter 5: Security Audit Strategies and Tactics -- On critical points -- On reconnaissance -- On evaluating vulnerabilities and gaps -- The operational art of vulnerability assessment -- Chapter 6: Synthetic Evaluation of Risks -- On applicable epistemology of risk -- Analysing individual vulnerability risks -- Risks synthesis, summary and its breakdown -- Chapter 7: Presenting the Outcome and Follow-Up Acts -- On structure and content of the assessment report -- On drawing conclusions -- On audit recommendations and follow-up reaction -- Chapter 8: Reviewing Security Assessment Failures and Auditor Management Strategies -- On information security assessment follies -- On assembling and managing the auditor team -- Science and art of information security evaluation -- Bibliography -- Information and IT security sources -- General/military strategy and related sources -- ITG Resources.