|Author(s):||Shirley M. Radack|
|Title:||Continuous Monitoring of Information Security: An Essential Component of Risk Management|
|Published:||October 25, 2011|
|Abstract:||This bulletin summarizes the information presented in NIST Special Publication (SP) 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. The guide helps organizations develop an ISCM strategy and implement an ISCM program that provides awareness of threats and vulnerabilities of information systems, and that facilitates the assessment of organizational assets and the effectiveness of security controls. The bulletin explains the importance of information system continuous monitoring in protecting information systems and information, the role of ISCM in the Risk Management Framework, the integration of ISCM in organizational risk assessment activities, and the details of the organizational ISCM process. References are provided to additional sources of information on ongoing monitoring of information systems and on the Risk Management Framework.|
|Keywords:||cyber security, Federal Information Security Management Act, information security, information system continuous monitoring, information system life cycle, information technology, risk assessment, Risk Management Framework, security controls, security impact assessments, security plans, security requirements, security risks, threats to systems, vulnerabilities|
|Research Areas:||Information Technology, Computer Security, Cybersecurity|
|PDF version:||Click here to retrieve PDF version of paper (362KB)|