Question 1: Imagine you are the CISO of a large organization that changes its assets, applications, and configurations dynamically. The organization is in a constant reactive model in responding to security incidents. Explain what benefits would be realized if continuous monitoring and risk management processes are in place and operational.
Question 2: Recommend and describe the vulnerability management procedures you believe should be in place for a small finance company that has two remote sites connected with a virtual private network connection.