Typically, the boundary defines a clear demarcation of accountability in the case of ICT or ICS system landscape.  It also confines the work scope in any professional engagement activities to ease managing the work product expectation.

However, as a cybersecurity practitioner, we must look further beyond to strike for a holistic view in order not to miss out any inherent threats.  It’s just a matter of fact how far and how detail we are comfortable to go beyond, or simply include a scope statement for the “limited vision”.

Leave a Reply