How does your company maintain evidence of compliance? | allinfosecnews.com

March 20, 2024, 3:27 p.m. | /u/dank_hank

cybersecurity www.reddit.com

For some context: I work for a small company with a limited budget. We have policies that state we must perform actions to remain in compliance with those policies during a certain time period (such as quarterly vulnerability scans and annual security program reviews).

Right now, we're just storing meeting minutes, scan results, etc... in a folder on a network drive and referenced by an excel file. We then use this evidence of compliance to attest to third party risk …

actions budget compliance context cybersecurity meeting period policies program quarterly reviews scan scans security security program state vulnerability vulnerability scans work

More from www.reddit.com / cybersecurity

Cisco reveals zero-day attacks used by hackers to attack government networks in major threat campaign 2 hours ago | www.reddit.com

attack attacks campaign cisco +7

Any Fortune 100 company go all in on Microsoft E5 Security Suite? 12 hours ago | www.reddit.com

all in cybersecurity defender defenders +12

Blueteam Certification like cybersecurity engineers 13 hours ago | www.reddit.com

architect blueteam certification certifications +12

Fake job interviews target developers with new Python backdoor 17 hours ago | www.reddit.com

backdoor cybersecurity developers fake +7

Passkeys: A Shattered Dream 17 hours ago | www.reddit.com

cybersecurity dream passkeys

Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software 17 hours ago | www.reddit.com

census cyberattack cybersecurity easy +4

Ukraine's military intelligence launches cyberattack against United Russia party 17 hours ago | www.reddit.com

cyberattack cybersecurity intelligence military +4

The XZ Utils Backdoor explained - Columbia University Lecture 19 hours ago | www.reddit.com

Cybersecurity for Government 21 hours ago | www.reddit.com

budget corporate cybersecurity goals +8

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

@ WWC Global | Reston, Virginia, United States

View on infosec-jobs.com

Security Architect (DevSecOps)

@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium

View on infosec-jobs.com

Infrastructure Security Architect

@ Ørsted | Kuala Lumpur, MY

View on infosec-jobs.com

Contract Penetration Tester

@ Evolve Security | United States - Remote

View on infosec-jobs.com

Senior Penetration Tester

@ DigitalOcean | Canada

View on infosec-jobs.com