Maintaining compliance with laws and regulations in a complex IT environment is difficult. The vast array of regulations a company must comply with is constantly increasing and changing.  Each state has its own set of laws and regulations that indicate who is covered by the law & what event triggers consumer notifications.  Laws which require notifying consumers of data breaches are a good example of conflicting rules.

1. Discuss the importance of collaboration and policy compliance across business areas

2. How can penetration testing be used to help ensure compliance?