Assessing Information Security Continuous Monitoring (ISCM) Programs:

Dempsey, Kelley; Pillitteri, Victoria; Baer, Chad; Niemeyer, Robert; Rudman, Ron; Urban, Susan D.

doi:10.6028/nist.sp.800-137a-draft

Cited by 2 publications

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An effective ISCM program maintains a picture of an organization's security posture, presents security-related data, and incorporates results to portray greater situational awareness (Mell et al, 2012;Dempsey et al, 2020). Through constant observation and analysis, ISCM provides visibility into assets, awareness of vulnerabilities and threats, and improves overall cyber situational awareness.…”

Section: Introductionmentioning

confidence: 99%

Assessing Information Security Continuous Monitoring in the Federal Government

AlSadhan¹,

Park²

2022

eccws

View full text Add to dashboard Cite

To confront the relentless and increasingly sophisticated cyber assaults from cybercriminals, nation-state actors, and other adversaries, the U.S. Federal Government must have mechanisms to reduce or eliminate compromise and debilitating consequences. Information Security Continuous Monitoring (ISCM) leverages technology to rapidly detect, analyze, and prioritize vulnerabilities and threats and deliver a data-driven, risk-based approach to cybersecurity. Although monitoring information system security became a requirement for government agencies over 20 years ago and billions of dollars are being spent annually for cybersecurity, ISCM remains at a low maturity level across the Federal Government. This research framework presented is part of ongoing doctoral research. The research seeks to identify the challenges achieving an effective ISCM program and inform measures needed to optimize ISCM. The research involves conducting an ISCM Program Assessment in a Department of Defense (DoD) organization using the recently published National Institute of Standards and Technology (NIST) ISCM Assessment (ISCMA) methodology and the companion assessment tool ISCMAx. An ISCM doctrine placement is presented, derived from the NIST ISCM assessment elements, to more clearly articulate and visualize the doctrine of a well-designed and well-implemented ISCM program. This research will also contribute to the knowledge base for assessing ISCM in the Federal government and the functionality of the ISCMAx tool.

show abstract

Section: Introductionmentioning

confidence: 99%

Assessing Information Security Continuous Monitoring in the Federal Government

AlSadhan¹,

Park²

2022

eccws

View full text Add to dashboard Cite

show abstract

Cyber risk reduction in China, Russia, the United States and the European Union

Saalman,

Su,

Dovgal

2024

View full text Add to dashboard Cite

This report provides an overview of cyber risk reduction terminology and regulatory measures within China, Russia, the United States and the European Union. It finds, among other things, that China and Russia excel at clear visuals and steps, yet they also tend to lack linguistic clarity. China, the USA and the EU possess interagency and public–private sector coordination, while facing jurisdictional overlap. China, Russia, the USA and the EU are securing their supply chains, yet China and Russia face challenges with burdensome penalties for non-compliance, and the USA and the EU confront obstacles to enforcement at the state and member-state levels. This report is intended to provide a baseline for engagement among the four actors to strengthen and deconflict their respective cyber risk reduction approaches. The authors would like to express their sincere gratitude to the German Federal Foreign Office for their generous support of this project.

show abstract

Assessing Information Security Continuous Monitoring (ISCM) Programs:

Cited by 2 publications

References 0 publications

Assessing Information Security Continuous Monitoring in the Federal Government

Assessing Information Security Continuous Monitoring in the Federal Government

Cyber risk reduction in China, Russia, the United States and the European Union

Contact Info

Product

Resources

About