Global Security Forum


Our mission is to provide clients with an online user community of industry peers and IBM experts, to exchange tips and tricks, best practices, and product knowledge. We hope the information you find here helps you maximize the value of your IBM Security solutions.


How often should a growing enterprise perform VAPT, and should third-party providers always be involved?

  • 1.  How often should a growing enterprise perform VAPT, and should third-party providers always be involved?

    Posted yesterday

    Hi everyone,

    As our company continues to scale, we're reviewing our cybersecurity posture and one thing that keeps coming up is the frequency and scope of VAPT (Vulnerability Assessment and Penetration Testing). Some suggest quarterly testing, while others say annual is enough, especially if you've had no major infrastructure changes.

    Also, is it always advisable to bring in a third-party VAPT service provider for every round of testing, or can internal red teams handle routine assessments after the initial audit?

    We're not using any specific IBM security tools for this, so the question is more general in nature. Just looking to understand what's common practice in enterprise settings and what others are doing to maintain continuous visibility without overloading their teams.

    Thanks in advance!



    ------------------------------
    Naveen Kumar
    Cybersecurity
    StrongBox IT
    Chennai
    ------------------------------