Homework: Continuous Monitoring
Continuous monitoring is a critical part of the risk management process. "Continuous monitoring is ongoing observance with intent to provide warning. A continuous monitoring capability is the ongoing observance and analysis of the operational states of systems to provide decision support regarding situational awareness and deviations from expectations." -Source: Keith Willett (MITRE) in support of the National Security Agency.
"Information Security Continuous Monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions." -NIST.
Organizations should establish, implement, and maintain ISCM. ISCM should be a recursive process as its monitoring strategy is continually refined so that ISCM is a robust system. Tiered organization-wide ISCM framework and dynamic ISCM processes are proposed by the National Institute of Standards and Technology. Please scan through the important framework and processes in the following article. Its Appendix D "Technologies for Enabling ISCM" provides some technical and managerial details and examples.
NIST (2011). Information Security -- Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. National Institute of Standards and Technology Special Publication 800-137.
Additional reference models are also provided and extended to go more in depth both technically and managerially. Also review the CAESARS model below.
Mell, P., Waltermire, D., Feldman, L., Booth, H., Ouyang, A., Ragland, Z., & McBride, T. (2012). CAESARS framework extension: an enterprise continuous monitoring technical reference model (in documents)
Case Homework
After reading the above articles, write a 3 to 5 pages paper titled: "Information Security Continuous Monitoring-Challenges and Solutions"
Task
Address the following issues in your paper:
1. The importance of continuous monitoring of information systems.
2. The technical and managerial challenges of continuous monitoring.
3. The technical and managerial solutions to continuous monitoring, including framework, processes, etc.
Format your homework according to the give formatting requirements:
1. The answer must be double spaced, typed, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the homework, the course title, the student's name, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The references and Citations should follow APA format. The reference page is not included in the required page length.