Continuous Monitoring 101

Introduction

What if there were a concept that gave you insight into your IT and information security environment, showing you near real-time events and changes to your environment coupled with the knowledge of how they would impact your systems? There is, and it is called continuous monitoring (CM). This article will detail what you need to know about the basics of CM and will leave you with a better understanding of the underlying concepts.

What Is Continuous Monitoring?

Continuous monitoring (CM) is a powerful concept that will give you better situational awareness of your IT and information security systems. At the macro level, CM is an essential part of a robust information security plan integral to the Risk Management Framework (RMF) process. At the much more interesting micro level, CM gives up-to-date, detailed insight into the compliance and network status of your environment. This comes by way of reporting and can include internal control inconsistencies, information security events and system changes. You can even set your CM system to inform you how your environment will be affected by what is shown in reporting.

While all of this sounds good, it is a somewhat simplified presentation of CM. Proper implementation of CM solutions can become quite complex, because that implementation really depends on the organization using it. The larger and more complex an organization’s IT environment is, the more complex the CM solution will tend to be. For example, in a large enterprise, a CM solution will need to understand the context of what happened, not just that something happened. After data has been collected and digested, it can then be used to create an information security risk assessment.

Elements of Continuous Monitoring

Data Collection

The most elemental part of CM is data collection. Data collection can be performed by

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/AnJkVyjDqSY/