Continuous Monitoring

Continuous monitoring appears as a critical last step in many other processes, including:

  • Risk management
  • Security control implementation
  • Configuration management
  • Authorization (C&A)

The most appropriate placement in the SDLC is probably within the configuration management process, but because it is so important and ties into so many other processes, it is covered collectively in this section.

Continuous monitoring is a dynamic process that requires near real-time security status information. Time-sensitive process flows that depend on this information are:

  • Security status analysis
  • Risk posture viewpoint
  • Mitigation decisions
  • Effectiveness of actions

Substeps within the continuous monitoring process include:

  • Control selection – priority should be given to:
    • Controls involved with the most critical processes
    • Controls with the greatest volatility
    • Common controls
    • POAMs
  • Monitoring:
    • Network monitoring
    • Vulnerability scanning
    • Audit monitoring
    • Integrity checking
  • Sharing information with partners
  • Updating documentation