Rather than looking at each fix as a project in itself, you can start to develop a program of continual oversight that fits in with your IT goals and plans, to make sure you're always on top of your critical systems.
According to Julian, this type of program will help you "demonstrate continuous improvement to build up trust" in your organization. If you can continually give status reports to management and maintain an ongoing dialogue regarding the status of your systems, you will demonstrate that you're on top of any issues and justify continued support for your oversight processes.
"There are selfish reasons any auditor would want to follow these steps," Julian said. "Also, in the unfortunate incident of a breach, the dialogue that ensues is totally different. Rather than talking about litigation and issues, people understand and are already on top of the situation. They will say, 'Let's sit down as professionals to talk about how to deal with this,' rather than, 'Who's gonna get fired?'"