Maintaining compliance with laws and regulations in a complex IT environment is difficult. The vast array of regulations a company must comply with is constantly increasing and changing. Each state has its own set of laws and regulations that indicate who is covered by the law & what event triggers consumer notifications. Laws which require notifying consumers of data breaches are a good example of conflicting rules.
1. Discuss the importance of collaboration and policy compliance across business areas
2. How can penetration testing be used to help ensure compliance?