This is an idea I've been playing with for a while. It's still under development, but the basic technique is similar to the one snipers use to search for and detect targets.
One of the skills we learned at the scout/sniper school was the detection of targets. We would lie prone and try to find hidden objects that the instructors placed in the field using our scopes. We also needed to detect an instructor acting like a sniper.
All the objects (or potential threats) were hidden in a large stretch of land, some close and some far. It would have been almost impossible to randomly start scanning for the targets in such a large area, so a simple technique was used: begin scanning with the naked eye for nearby objects from left to right, then move a bit farther out and scan from right to left, then farther out again from left to right, etc. Once you get to a point where the naked eye is not good enough anymore, use the scope.
Essentially you create a grid on the area where you move from close to far and from left to right and scan each sector for a potential threat, logging everything you see.
The same can be applied to security threats on a system.
You have your networks, your computers, your servers, your public-facing footprint. Then you have your building, your packing area, the rooms protecting and storing servers, electrical rooms, etc. Then you have the people: your employees, your contractors, your customers. All these parts make up the whole system you need to defend, and as such you need to scan for potential threats.
How do you scan everything?
Start, for example, with the internal networks and the computers attached to them, and scan for potential threats. Then move to the servers serving that network, then to the routers, firewalls, IPS/IDS, etc. Once you have scanned this "near" network, scan for targets farther away from you. Begin scanning the DMZ, for example. Then move to the external (internet-facing) network and scan there, analysing and logging all the threats and vulnerabilities you identify along the way.
Once you have completed this initial scan (near to far, left to right), try to find a solution for the threats you found. Then scan inwards. This time start from the farthest network and scan from left to right, moving closer to where you are.
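The sweep order and the logging described above can be written down as a small planner. This is an added example, not code from the original post: the tier and sector names, the finding label used in testing, and the choice to alternate direction on the inward pass are all assumptions made for illustration.

```python
# Added example: sweep planner for the grid scan described above.
# Tier and sector names are constructed placeholders, not a real network.
SCOPE = [  # tiers ordered near -> far; sectors listed left -> right
    ("internal", ["workstations", "servers", "routers", "firewalls", "ids"]),
    ("dmz", ["web", "mail", "vpn"]),
    ("external", ["dns", "public-web"]),
]


def sweep(scope, inward=False):
    """Return (tier, sector) pairs in scan order.

    Outward pass: nearest tier first, left to right, then reverse direction
    on each tier farther out. Inward pass: farthest tier first, starting
    left to right (alternating on the way back in is an assumption here).
    """
    tiers = list(reversed(scope)) if inward else list(scope)
    order = []
    for i, (tier, sectors) in enumerate(tiers):
        row = sectors if i % 2 == 0 else list(reversed(sectors))
        order.extend((tier, s) for s in row)
    return order


class SweepLog:
    """Log what is seen per sector so gaps and open findings are visible."""

    def __init__(self, scope):
        self.expected = set(sweep(scope))
        self.passes = {"outward": {}, "inward": {}}

    def record(self, pass_name, tier, sector, findings):
        # An empty list still counts: the sector was looked at and was clean.
        self.passes[pass_name][(tier, sector)] = list(findings)

    def unscanned(self, pass_name):
        """Sectors in scope that this pass never logged."""
        return sorted(self.expected - set(self.passes[pass_name]))

    def still_open(self):
        """Outward findings the inward pass saw again (the fix did not hold)."""
        out = []
        for key, found in self.passes["outward"].items():
            again = set(self.passes["inward"].get(key, []))
            out.extend((key, f) for f in found if f in again)
        return out
```

Working from `sweep(SCOPE)` and then `sweep(SCOPE, inward=True)` keeps the assessment in grid order, and `unscanned()` shows which sectors were skipped when a large scope starts to feel overwhelming.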
I've found this technique very useful on large, multi-layered networks where it would be very easy to get overwhelmed during a vulnerability assessment or a pentest.
Of course this technique works great for physical pentests as well.
Anyway, this is the idea I've been developing. What do you think?
EDIT: Here's a video with the technique I described at the beginning of the post.