Good framing. Security assessments only work when they look beyond tooling. A company can have strong products in place and still fail because access reviews are weak, processes are unclear, or people don’t know what “secure behavior” looks like in daily work. The people, process, technology split is still one of the most practical ways to find real gaps.
Precisely. The PPT (People, Process, Technology) framework remains the industry standard because it addresses the systemic dependencies that technical controls alone cannot solve. A secure-by-design infrastructure is often undermined by insecure-by-habit workflows.
That’s exactly where most programs break. Even when infra is secure by design, the actual risk shows up in everyday workflows. People bypass steps, share data differently, or use tools in ways policies never accounted for.
Feels like the gap now is less about defining controls and more about seeing how they behave in real usage.
Suny Choudhary
Building AI Security for LLMs | CEO @ LangProtect