Do you regularly review your security posture?

As things change, you should schedule a regular review of security posture. This should involve reviewing whether the current policy is appropriate. Consider the following:

• Whether there are any outstanding alerts
• Changes in the nature of the data you are storing that might require further policy adjustment
• Compliance is now required with a new regulatory framework
• How regularly this should be reviewed (quarterly is recommended)