An organization should have a standard configuration for each of its technologies, and these configurations need to be evaluated from time to time. For scanning to be as accurate as possible, a few requirements must be understood across the IT and InfoSec teams.
To provide different views of compliance with these baselines, stakeholders in the process should be able to view the risk metric broken down by the following:
- Region
- Country
- Operating system
- Application
An example dashboard is presented here: