ABSTRACT

Continuous monitoring is an effort exercised throughout the infrastructure, led by management, and reflected in an organization's mission-critical functions. Any effort or process intended to support ongoing monitoring of information security across an organization begins with leadership defining a comprehensive continuous monitoring strategy that encompasses personnel, technology, processes, procedures, and operating environments. A continuous monitoring program is established to collect information in accordance with pre-established metrics, using information that is already available in part through implemented security controls and through sound practices that follow the security requirements of the information technology infrastructure. Continuous monitoring is part of the organization's overall risk management process and is the result of good practices, discipline, and a well-trained staff. Continuous monitoring metrics originating at the information systems tier can be used to assess risk, respond to it, analyze trends in it, and monitor it across the organization.