How to Build a Successful Continuous Monitoring (CM) Program

Continuous monitoring has served the IT industry for years, in businesses of every size. Historically it featured in ITIL programs, but it has now become essential for providing added security.

What Is Continuous Monitoring?

ConMon, Continuous Control Monitoring (CCM) and Continuous Monitoring (CM) are different terms relating to the same concept.

“Continuous Monitoring is the formal process of defining an agency’s IT systems, categorizing each of these systems by the level of risk, application of the controls, continuous monitoring of the applied controls, and the assessment of the effectiveness of these controls against security threats.” Ken Durbin (Cyber & Continuous Monitoring Practice Manager, Symantec)

The National Institute of Standards and Technology introduced a six-step process for the Risk Management Framework (RMF), and Continuous Monitoring is one of those six steps. Continuous Monitoring (CM) helps management review business processes 24/7 to see whether performance, effectiveness and efficiency are meeting the anticipated targets or deviating from them.

Why Is Continuous Monitoring Essential for Your Business?

Technology has become an integral part of all business processes, and the ever-increasing threats to cybersecurity have made a foolproof continuous monitoring program important.

In IT, changes occur in the blink of an eye. Companies have to keep implementing updated security measures and identifying loopholes in the existing ones, which may arise from unexpected changes to firmware, software and even hardware.

Continuous monitoring is important because the process takes a skeptical view of potential threats. A good continuous monitoring program is one that is flexible and features highly reliable, relevant and effective controls to deal with those threats.

Is Continuous Monitoring Really Complex?

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Mahwish Khan. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/M6yyiR1Mlyk/