
Publication Citation: Continuous Monitoring of Information Security: An Essential Component of Risk Management


Author(s): Shirley M. Radack
Title: Continuous Monitoring of Information Security: An Essential Component of Risk Management
Published: October 25, 2011
Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. The guide helps organizations develop an ISCM strategy and implement an ISCM program that provides awareness of threats and vulnerabilities of information systems, and that facilitates the assessment of organizational assets and the effectiveness of security controls. The bulletin explains the importance of information system continuous monitoring in protecting information systems and information, the role of ISCM in the Risk Management Framework, the integration of ISCM in organizational risk assessment activities, and the details of the organizational ISCM process. References are provided to additional sources of information on ongoing monitoring of information systems and on the Risk Management Framework.
Citation: ITLB -
Pages: 7 pp.
Keywords: cyber security; Federal Information Security Management Act; information security; information system continuous monitoring; information system life cycle; information technology; risk assessment; Risk Management Framework; security controls; security impact assessments; security plans; security requirements; security risks; threats to systems; vulnerabilities
Research Areas: Information Technology, Computer Security, Cybersecurity