Don’t fail an audit over a neglected annual policy review

3 years ago Tripwire Guest Authors
Dont-fail-an-audit-over-a-neglected-annual-policy-review

When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard (PCI DSS) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve all, always, believed to be a fundamental tenet of managing information security – the need for annual policy reviews. There were a number of policy documents being relied upon for evidence, but they did not have a current date. Given that there was nothing fundamental…

The post “Don’t fail an audit over a neglected annual policy review” appeared first on TripWire

Source:TripWire – Tripwire Guest Authors

Tags:

More Stories

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

13 hours ago [email protected] (The Hacker News)

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

14 hours ago [email protected] (The Hacker News)

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

19 hours ago [email protected] (The Hacker News)

The CTEM Divide: Why 84% of Security Programs Are Falling Behind

20 hours ago [email protected] (The Hacker News)

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

23 hours ago [email protected] (The Hacker News)

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices

1 day ago [email protected] (The Hacker News)