The implementation of continuous monitoring is a critical step in any successful risk management strategy, particularly for larger enterprises and government organizations. It establishes the ongoing collection and automated analysis of all log and event data, examining all records of activity and performing real-time advanced correlation and pattern recognition. Continuous monitoring can alert on individual and broader malicious event sequences, simplifying remediation and helping mitigate risk.
Continuous monitoring is one of six steps in the Risk Management Framework (RMF) outlined in NIST Special Publication 800-37, Revision 1, and is a major component for validating the Recommended Security Controls for Federal Information Systems and Organizations outlined in NIST Special Publication 800-53, Revision 3. It is also critical for maintaining organizational risk management strategies related to commercial regulations, such as Sarbanes-Oxley, by providing information required to establish sufficient internal security controls for ongoing compliance assurance.
Continuous monitoring combines process and technology, detecting and alerting on operational and security issues related to a wide range of compliance and risk concerns.