Organizations should regularly review their network security on an ongoing basis. The frequency of these reviews can vary based on factors such as the size of the organization, the industry and the nature of their operations.

We should provide a periodic review at regular intervals such as quarterly or annually. This review should review the network configuration, security measures currently in place and needed new measures. New security solutions should be discussed for consideration.

After Significant Changes

Whenever there are significant changes to the network infrastructure or business operations a security review should be conducted. This would include hardware upgrades, new application deployment or other introductions of new technologies. It could also be needed after organizational change such as turnover in key positions or expanding business operations.

After a Security Incident

Following any security incident or breach a thorough review should be carried out to understand the root cause of the event and improve security measures. Once a breach has occurred you become more of a target for bad actors. It's also important to understand what other security gaps may exist. A full review will help lessen the potential of other attacks.

Compliance Requirements

If the organization is subject to specific industry regulation or compliance standards a network review should align with the required assessment intervals. Compliance standards often mandate regular security audits and assessments.