discovery of new vulnerabilities, or changes to known vulnerabilities or likely
threat scenarios.
37 Outsourcing good practice guide: security governance framework for IT managed service provision, dated
2 August 2006. This document may be downloaded from the NISCC web-site, http://www.niscc.gov.uk.