Information in this chapter:
• The Role of Continuous Monitoring in Security Management
• Continuous Monitoring and the Risk Management Framework
• Developing a Continuous Monitoring Strategy
• Agency and System Level Perspectives on Continuous Monitoring
• Approaches, Tools, and Techniques for Continuous Monitoring
Information system security focuses on two fundamental activities: implementing and correctly configuring security controls to reduce risk to an acceptable level, and—recognizing that this first activity is difficult or impossible to do perfectly—testing and monitoring the system and its environment to understand whether the controls are providing the intended level of protection. Once systems are ...