One Professional Accreditation Program 261
be carrying out risk assessments such as penetration tests and
application tests for new and existing projects and infrastructure. Other
functions can include vulnerability management, business continuity/disaster
recovery, wireless security, war dialing (there is a blast from
the past, perhaps not so applicable in some places), identity
management, incident response, and security awareness training.
The difference between what security teams do these days and what
they should be doing is to a large degree about access to resources.
If security analysts are skilled IT professionals with accreditation to
prove it, there is no reason why they cannot have direct visibility of
policy compliance. That ...