As defined by the National Institute of Standards and Technology (NIST), the process for continuous monitoring includes the following steps:
- Define a continuous monitoring strategy based on risk tolerance that maintains clear visibility into assets and awareness of vulnerabilities and utilizes up-to-date threat information.
- Establish measures, metrics, and frequencies for status monitoring and control assessments that make the organization's security status known, detect changes to the information system infrastructure and its environments of operation, and report the effectiveness of security controls in a manner that supports continued operation within acceptable risk tolerances.
- Implement a continuous monitoring program to collect the data required for the defined measures and report on findings; automate collection, analysis, and reporting of data where possible.
- Analyze the data gathered and report findings, accompanied by recommendations. It may be necessary to collect additional information to clarify or supplement the existing monitoring data.
- Respond to assessment findings by deciding either to mitigate technical, management, and operational vulnerabilities, to accept the risk, or to transfer it to another authority.
- Review and update the monitoring program, revising the continuous monitoring strategy and maturing measurement capabilities to increase visibility into assets and awareness of vulnerabilities; further enhance data-driven control of the security of the organization's information infrastructure; and increase organizational flexibility.
Our security professionals use automated and manual methods to ensure our clients' information systems are secured in accordance with their short- and long-term goals.