Continuous Monitoring

The NIST Publication 800-137 provides guidelines for information security continuous monitoring (ISCM) of federal agencies. They can also be used by private industries. There are six steps in the information security continuous monitoring program. The NIST Publication 800-137 explains the six steps. Brookdale Hospital is located in Brooklyn, New York and has developed and implemented its acceptable use policy (AUP) that resulted in security controls from the following family names: access controls, identification and authentication, personal use of Internet, security awareness training, and audit and accountability. Using the ISCM steps, describe how you would devise a strategy to monitor the effectiveness of this policy. Recall the activities from the self-test and briefly describe each step. 1.Define an ISCM strategy that gives an account of what assets may be vulnerable to attack at Brookdale Hospital and which one of the security controls described above may currently be in place. 2.Establish an ISCM program that identifies key metrics that should be monitored for the security control/controls that you selected in the first step. Think about the automated process that could generate a report. 3.Implement an ISCM program and describe how you would collect this data and consolidate the reports. 4.Analyze data, report findings, describe whether the reports are complete, and whether more detail is required to validate the effectiveness of the AUP. 5.Respond to findings and describe whether the security control/controls that you choose should be modified or enhanced. 6.Review and update the ISCM strategy and program and describe whether the security control or the policy needs to be changed. Will Brookdale Hospital accept the risk of vulnerabilities described in step 1? Reference Dempsey, K., Chawla, N. S., Johnson, A., Johnston, R., Jones, A. C., Orebaugh, A., . . . Stine, K. (2011, September). Information Security Continuous Monitoring (ISCM) for federal information systems and organizations [PDF file size 964 KB] (NIST Special Publication 800-137) Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf