When establishing a vulnerability management program in an environment handling customer payment information, which of the following best practices aligns with the industry standards for securing transaction data?
Implement vulnerability scans biannually, assuming no immediate threats are identified within the transaction processing systems.
Conduct internal and external vulnerability scans every quarter and after each major alteration to the network infrastructure.
Limit vulnerability assessments to external scans conducted biennially, relying primarily on other network defenses.
Complete a comprehensive penetration test on an annual basis as the sole measure for identifying system vulnerabilities.