From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Continuous security monitoring

- [Instructor] An essential part of operations is monitoring for both technical and regulatory activity that may require intervention. A complete and comprehensive approach to this challenge is to build an information security continuous monitoring program. The US National Institute of Standards and Technology has an entire special publication dedicated to this process, NIST Special Publication 800-137.

In this publication, NIST defines ISCM as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. In other words, ISCM provides constant visibility into your potential exposures so that you can be proactive about managing the associated risks.

That same NIST publication lays out six steps that you should follow in order to establish, implement, and maintain an ISCM program. One, define an ISCM strategy. Two, establish an ISCM program. Three, implement an ISCM program. Four, analyze data and report…
