Mechanisms exist to routinely update risk assessments and react accordingly upon identifying new security vulnerabilities, including using outside sources for security vulnerability information.
Does the organization routinely update risk assessments and react accordingly upon identifying new security vulnerabilities, including using outside sources for security vulnerability information?