
What Makes a Good Security Audit? - Garbage
https://www.eff.org/deeplinks/2014/11/what-makes-good-security-audit
======
peteretep
oooh oooh, I know the answer to this!

One that's legally defensible when you get hacked, both in terms of keeping
the data commissioner and class-action suits off your back, but also in terms
of suing your employer for unfair dismissal if you get axed when it happens on
your watch.

This is what makes certification like ISO2700000001 and PCI-DSS so amazingly
popular, 'cuz hey, I ticked my boxes.

