To confront the relentless and increasingly sophisticated cyber assaults from cybercriminals, nation-state actors, and other adversaries, the U.S. Federal Government must have mechanisms to reduce or eliminate compromise and debilitating consequences. Information Security Continuous Monitoring (ISCM) leverages technology to rapidly detect, analyze, and prioritize vulnerabilities and threats and deliver a data-driven, risk-based approach to cybersecurity. Although monitoring information system security became a requirement for government agencies over 20 years ago and billions of dollars are being spent annually for cybersecurity, ISCM remains at a low maturity level across the Federal Government. This research framework presented is part of ongoing doctoral research. The research seeks to identify the challenges achieving an effective ISCM program and inform measures needed to optimize ISCM. The research involves conducting an ISCM Program Assessment in a Department of Defense (DoD) organization using the recently published National Institute of Standards and Technology (NIST) ISCM Assessment (ISCMA) methodology and the companion assessment tool ISCMAx. An ISCM doctrine placement is presented, derived from the NIST ISCM assessment elements, to more clearly articulate and visualize the doctrine of a well-designed and well-implemented ISCM program. This research will also contribute to the knowledge base for assessing ISCM in the Federal government and the functionality of the ISCMAx tool.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.