Chapter 10. Regulatory Compliance

Introduction

Vulnerability assessments (VAs) and penetration tests (pen tests) have long been major components of information security programs. In fact, security managers have historically defined when and how they would conduct these exercises, as well as the scope of such exercises. Nevertheless, a missed assessment or pen test traditionally wasn’t a big deal. Considering the resource constraints of most information security departments, missing an assessment period, or even two, was quasi-acceptable.

But ...

Get The Best Damn IT Security Management Book Period now with the O’Reilly learning platform.