How often should the security baseline be re-established?

Re-establishing the security baseline every 90 days is considered best practice in network security. This timeframe allows organizations to periodically assess and update their security measures to keep up with evolving threats, vulnerabilities, and changes in the IT environment. By reviewing and revising the security baseline quarterly, organizations can ensure that their policies and controls remain relevant and effective against emerging risks. Additionally, regular updates help in maintaining compliance with industry standards and regulatory requirements that may mandate periodic reviews.

Frequent updates to the security baseline also enhance the organization's ability to adapt to new technologies, system updates, and changes in user behavior that could impact security posture. In contrast, less frequent updates, such as those suggested in the other choices, may lead to outdated security measures that inadequately protect against current threats.