ITM527 Mod 2 SLP: Continuous Monitoring Requirements
Module 2 - SLP
Continuous Monitoring
The following example demonstrates how to apply continuous monitoring technical reference model to a particular risk management domain. Please read the following article and identify a few key lessons learned from it in relation to what principles and methods you have learned in the case assignment.
NIST (2011). Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains.
Practicing continuous monitoring fundamentals, processes, etc. to one's own experiences offers an opportunity to apply what you've learned to the real world. Can you choose a particular information system security domain of your organization or industry and apply what you learned from the case readings and SLP examples? You can choose to assess comprehensively, or you can choose not to cover all the aspects of continuous monitoring but focus on two or three major perspectives and go much more in depth. You can choose the same security domain in the previous SLP assignment in this course, or start with a new one.
SLP Assignment Expectations
Please write a 2- to 5-page paper titled:
"Continuous Monitoring for ______ (your chosen information system security domain in your chosen organization/industry): Challenges and Solutions"
Please address the following issues:
1. Special requirements of continuous monitoring in your chosen information system security domain in your chosen organization/industry if there are any.
2. Two or three major perspectives of continuous monitoring that you choose to go in depth to discuss.
3. One or two major lessons learned from the example that you'd like to apply in your own continuous monitoring issue here.
4. Key challenges and solutions of continuous monitoring.
• Please use original writing (No Plagerism)
• Please use American URLs than can be easily verified on the web on the reference page.
• Please include the page numbers in the references
• Read then background material in the attachment titled Background
• My Organization is US Department of Defense
Continuous Monitoring
Name:
Institution:
Course:
Date:
Continuous monitoring
As part of the executive branch of government at the federal level, the United States Department of Defense plays a vital role in ensuring that the nation’s security is well guarded at all times. Relative to the fact that it also oversees much of the other government departments’ functions, it is a very sensitive docket and one that requires continuous monitoring technical reference model (NIST, 2011b). This is a model that is largely a risk management approach where an organization or in this case a department is able to maintain the accurate picture of the government’s departments security risks posture, provide visibility to the assets, leveraging the use of automated data feeds to measure their security, ensuring effectiveness of the security controls in place and enabling prioritization of remedies (NIST, 2011a). There are quite a number of domains that continuous monitoring can support, which include; patch management, vulnerability management, event management, incident management, asset management, network management, malware detection, license management, software assurance and information management. Of importance in this paper are the asset management, vulnerability and configuration data domain within the US department of defense, under the continuous monitoring (Mell, 2011).
Requirements
In the state’s department of defense there are billions of assets, all of which are geared towards making sure that all the other departments are working in the most effective and secure manner. For continuous monitoring, there is a requirement to map out all the assets starting with the people, information technology systems, IT networks, software and computing platforms (Mell, 2011). In the case of the vulnerability management, continuous monitoring, requirements include the ability to assess the various areas that are prone to attack and allocating resources to ensure that those attacks do not materialize (DHS, 2011). Configuration management relates to the equipment needs, the resources available and the departmental needs relative to domain challenges dynamism.
Asset, vulnerability and configuration management
This is a domain that plays a very crucial part especially with regard to the rest of the domains at the department. Domains affect the elements of security and information technology management at a fundamental level. It is also important to note that both configuration and vulnerability management are highly reliant on the asset management....
👀 Other Visitors are Viewing These APA Other (Not Listed) Samples:
- A Compare and Contrast Essay3 pages/≈825 words | 2 Sources | APA | Technology | Other (Not Listed) |
- SAP CRM Interview3 pages/≈825 words | No Sources | APA | Technology | Other (Not Listed) |
- biomanufacturing 1 page/≈275 words | 2 Sources | APA | Technology | Other (Not Listed) |
- Belief & Culture: Build Awareness2 pages/≈550 words | 6 Sources | APA | Technology | Other (Not Listed) |
- Application of Information Security Management Framework in an Organization4 pages/≈1100 words | 5 Sources | APA | Technology | Other (Not Listed) |
- EA-QUIP vs TREAT 3.2.58 pages/≈2200 words | No Sources | APA | Technology | Other (Not Listed) |
- ITM527 The Challenges in Continuous Monitoring of Information Systems Security1 page/≈275 words | 2 Sources | APA | Technology | Other (Not Listed) |