It’s weird to say this but a significant part of the value we provide clients is filling out Dumb Security Questionnaires (hereafter DSQs, since the only thing more irritating than a questionnaire is spelling “questionnaire”). Daniel Meiessler compains about DSQs, arguing that self-assessment is an intrinsically flawed concept. Meh. I have bigger problems with them. First, most DSQs are terrible. We get on calls with prospective clients, tell them “these DSQs were all first written in...
