In recent years, the US government has become a leading advocate for continuous monitoring of security threats and vulnerabilities. But how effectively are departments and agencies implementing these programs? And how do we measure success?
Moving Towards Continuous Monitoring
Though it’s become a popular concept, continuous monitoring wasn’t always in vogue. When the Federal Information Security Management Act (FISMA) was enacted in 2002, the law required agencies to document security practices, including taking inventory of information systems and writing security plans. External firms would audit the plans and grade departments and agencies based on their efforts.