Formulate extensively in an answer-forcing manner, rather than open-ended questions #1
Comments
|
Assigned @cristiklein instead, because currently has more time to take a stab at this. |
llarsson
changed the title
|
I have created the Cloud Information Security Review Checklist following the suggestions from this issue, however Kubernetes checklist still needs to be improved. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In as great an extent as possible, re-formulate the document into a "yes or no" manner (implying there could be checkboxes one could tick or not tick), rather than open-ended questions, or ones that ask "when did you last X", so that it forces the reader to answer truthfully and with data.
For instance, "Describe your access control system for Kubernetes?" is very open-ended. It would be better broken down into questions regarding whether there is an identity provider, if there is a clear policy regarding who gets what access, if RBAC is used, to enforce that policy, and so on.
It requires more thinking on our part, but helps the customer immensely to see the value we can help them achieve.
The text was updated successfully, but these errors were encountered: