I'm particularly looking for any input that someone may have for or from a small institution...
I know I won't find any specific guidance on this, and that it's based on a risk assessment of the area, but...
How often do you do internal vulnerability testing of your network? Everything I look into, and every quote I get, seems to be so often and so expensive...and we're so small/low risk.
I'm trying to get a grasp on the 'normal' amount that we should expect from a company for a small, low risk (and very low use, technology wise) bank...
PM me if you don't want to discuss in a public forum.
Thanks so much!
_________________________
The beatings will continue until morale improves...