Preparing for security assessments
How do we know our systems are secure from attackers? How do we know that our systems are resilient? How do we know that our systems are appropriately redundant?
Unfortunately, the answer simply cannot be "because I designed them myself" (sunglasses on, standing on a Segway in the elevator). A second pair of eyes is important, at the very least. Why do I say, "at the very least"? Sometimes, your second pair of eyes is a colleague who either doesn't have the appropriate knowledge, or the appropriate segregation from the organization, in order to make the observations they might make if they didn't have a boss that was going to be offended by their input.
First of all, you need buy-in from Top Management. This is another classic theme in this book, and a classic theme in Information Security that you'll see in various standards. For example, in ISO 27001's requirements (https://www.iso.org/standard/54534...