Three Keys to Success for Continuous Monitoring in Government
In recent years, the US government has become a leading advocate for
continuous monitoring of security threats and vulnerabilities. But how
effectively are departments and agencies implementing these programs? And
how do we measure success?
Moving Towards Continuous Monitoring
Though it's become a popular concept, continuous monitoring wasn't always in
vogue. When the Federal Information Security Management Act (FISMA) was
enacted in 2002, the law required agencies to document security practices,
including taking inventory of information systems and writing security plans.
External firms would audit the plans and grade departments and agencies based
on their efforts.
This approach earned two main critiques. First, though agencies may have had
well-documented security programs, they weren't necessarily i...