Weeding Out the Unprepared.

Ongoing process improvement is an often overlooked and important element of every security program. It is not enough to identify a vulnerability and implement remediation, if you do not also ensure that the asset and risk assessment is all reviewed again on a regular schedule. This is often considered the mark of a true security program...rather a collection of security activities. If you work in a regulated industry or submit to other types of audits, ongoing process improvement is almost always one of the "weeder" items on the checklist. Remember college, where there was always that one course that weeded out the less talented students. The same applies to ongoing process improvement, the audit checklist and security.