An Effective Information Security Continuous Monitoring (ISCM) Strategy

July 26, 2021 | July 19, 2021 | by admin

Continuous monitoring is a concept that has grown in importance during the transition to cloud computing. Information Security Continuous Monitoring (ISCM) is defined as “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.”

Resource: NIST SP 800-137, page vi, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf

The terms continuous and ongoing in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions that adequately protect the organization’s information. In NIST SP 800-137r1, this is described as a disciplined and structured process that integrates information security and risk management activities into the system development lifecycle. Ongoing monitoring is a critical part of that risk management process. In addition, an organization’s overall security architecture and accompanying security program are monitored to ensure that organization-wide operations remain within an acceptable level of risk, despite any changes that occur. Timely, relevant, and accurate information is vital, particularly when resources are limited, and agencies must prioritize their efforts.

An ISCM strategy:

  • Is grounded in a clear understanding of organizational risk tolerance and helps officials set priorities and manage risk consistently throughout the organization
  • Includes metrics that provide meaningful indications of security status at all organizational tiers
  • Ensures continued effectiveness of all security controls
  • Verifies compliance with information security requirements derived from organizational missions/business functions, federal legislation, directives, regulations, policies, and standards/guidelines
  • Is informed by all organizational IT assets and helps to maintain visibility into the security of the assets
  • Ensures knowledge and control of changes to organizational systems and environments of operation
  • Maintains awareness of threats and vulnerabilities

Related article – Data Event Logging & Event Attributes
