Chapter 14

Continuous Monitoring

Information in this chapter:

• The Role of Continuous Monitoring in Security Management

• Continuous Monitoring and the Risk Management Framework

• Developing a Continuous Monitoring Strategy

• Agency and System Level Perspectives on Continuous Monitoring

• Approaches, Tools, and Techniques for Continuous Monitoring

Information system security focuses on two fundamental activities: implementing and correctly configuring security controls to reduce risk to an acceptable level, and—recognizing that this first activity is difficult or impossible to do perfectly—testing and monitoring the system and its environment to understand whether the controls are providing the intended level of protection [1]. Once systems are ...

Get FISMA and the Risk Management Framework now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.