-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Formulate extensively in an answer-forcing manner, rather than open-ended questions #1
Comments
Assigned @cristiklein instead, because currently has more time to take a stab at this. |
llarsson
changed the title
Formulate extensively in a yes/no manner, rather than open-ended questions
Formulate extensively in an answer-forcing manner, rather than open-ended questions
May 4, 2021
I have created the Cloud Information Security Review Checklist following the suggestions from this issue, however Kubernetes checklist still needs to be improved. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In as great an extent as possible, re-formulate the document into a "yes or no" manner (implying there could be checkboxes one could tick or not tick), rather than open-ended questions, or ones that ask "when did you last X", so that it forces the reader to answer truthfully and with data.
For instance, "Describe your access control system for Kubernetes?" is very open-ended. It would be better broken down into questions regarding whether there is an identity provider, if there is a clear policy regarding who gets what access, if RBAC is used, to enforce that policy, and so on.
It requires more thinking on our part, but helps the customer immensely to see the value we can help them achieve.
The text was updated successfully, but these errors were encountered: