ITM 527 Module 2 Case

Module 2 – Case

CONTINUOUS MONITORING

Assignment Overview

Continuous monitoring is a critical part of risk management process. “Continuous monitoring is ongoing observance with intent to provide warning. A continuous monitoring capability is the ongoing observance and analysis of the operational states of systems to provide decision support regarding situational awareness and deviations from expectations.” —Source: Keith Willett (MITRE) in support of the NSA.

“Information Security Continuous Monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.” —NIST.

Organizations should establish, implement, and maintain ISCM. ISCM should be a recursive process as its monitoring strategy is continually refined so that ISCM is a robust system. Tiered organization-wide ISCM framework and dynamic ISCM processes are proposed by the National Institute of Standards and Technology. Please scan through the important framework and processes in the following article. Its Appendix D “Technologies for Enabling ISCM” provides some technical and managerial details and examples.

NIST (2011). Information Security — Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. National Institute of Standards and Technology Special Publication 800-137.

Additional reference models are also provided and extended to go more in depth both technically and managerially. Please investigate the CAESARS model below and its extension.

DHS (2011). Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report (CAESARS). Department of Homeland Security.

Mell, P. (2011) Presentation: An Enterprise Continuous Monitoring Technical Reference Model. Jointly developed by the U.S. National Security Agency, the U.S. Department of Homeland Security, and the National Institute of Standards and Technology.

Assignment Expectations

After reading the above articles, please write a 3- to 5-page paper titled:

“Information Security Continuous Monitoring—Challenges and Solutions”

Please address the following issues in your paper:

  1. The importance of continuous monitoring of information systems
  2. The technical and managerial challenges of continuous monitoring
  3. The technical and managerial solutions to continuous monitoring, including framework, processes, etc.


Leave a Comment

Your email address will not be published. Required fields are marked *

Is this question part of your Assignment?

Get expert help

Girl in a jacket


We are a team of academic consultants with extensive experience in writing academic papers for college students in the US, Canada, UK, AU, and other parts of the world.

We help students with both technical and non-technical assignments across all majors & academic disciplines.

Unlike what our name suggests, we research and draft everything word for word. We do not use AI or any rewriting tool! We provide Turnitin reports for AI & Turnitin alongside every paper.

Need help? Send us your assignment now!

description here description here description here