Information Security Governance Papers

Paper Title: Continuous Monitoring
The Abstract of The Paper: Monitor security controls to ensure that they continue to be effective in their application, through periodic testing and evaluation. Security control monitoring (i.e., verifying the continued effectiveness of those controls over time) and reporting the security status of the information system to the appropriate agency officials are essential activities of a comprehensive information security program. Monitor to ensure that system security controls are functioning as required.
Perform self-administered or independent security audits or other assessments periodically. Types include the use of automated tools, internal control audits, security checklists, and penetration testing.
Monitor the system and/or its users. Methods include reviewing system logs and reports, using automated tools, reviewing change management, monitoring external sources (trade literature, publications, electronic news, etc.), and performing periodic reaccreditation.

POA&Ms

Measurement and metrics

Network monitoring
Web Link: http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf
