NIST has produced an interesting set of drafts related to Continuous Monitoring(CM).
Continuous Monitiring here can be explained by sentence:
“Continuous security monitoring is a risk management approach to Cybersecurity that maintains a
picture of an organization’s security posture, provides visibility into assets, leverages use of
automated data feeds, monitors effectiveness of security controls, and enables prioritization of
remedies.”
Enterprise Architecture view is presented below.
The material presented in these drafts are steps into good direction. It is definitely worth to look this material.
Look also
- Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report by DHS (Department of Homeland Security).
- Maturity model is presented here in the SCAP’s event section.
