ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > The Benefits and Challenges of Continuous Monitoring Systems

The Benefits and Challenges of Continuous Monitoring Systems

| Published: 1/19/2015 3:11 PM | Category: Security | Permalink | Email this Post | Comments (0)

Tieu LuuTieu Luu

There is a big push within the United States federal government right now to implement information security continuous monitoring (ISCM) across all of its computer networks. According to the US National Institute of Standards and Technology (NIST),“information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities and threats to support organizational risk management decisions.” Key benefits of an ISCM program include enabling consistent adoption of cybersecurity best practices, streamlining and automating manual assessment processes, measuring risk, and prioritizing the problems that need to be fixed first. The US Department of Homeland Security (DHS) is spearheading the effort to implement an ISCM, with an initial focus to roll out hardware asset management, software asset management, configuration settings management and vulnerability management capabilities across federal agencies. 

Implementing an ISCM program can be a complex undertaking, especially at large federal agencies that may have hundreds of thousands of devices deployed across multiple geographically distributed sites. The challenges range from technical challenges, such as data integration issues, to operational challenges, such as training staff to properly use the tools, to governance challenges, such as how to enforce reporting and compliance. My recent Journal article describes my company’s experience when working with a large federal agency to develop a continuous monitoring system that is responsible for monitoring millions of devices across a globally distributed network. The article discusses the key technical challenges we encountered and the techniques we applied to overcome those challenges based on 4 years of successes and some painful lessons we learned along the way. 

Read Tieu Luu’s recent Journal article:
Implementing an Information Security Continuous Monitoring Solution—A Case Study,” ISACA Journal, volume 1, 2015.


There are no comments yet for this post.