Monitoring cycle

Continuous monitoring. You’ve heard about it. You know you should be doing it. But are you? You might be surprised at how many “compliant” organizations tend to miss the boat on this one. How often do you hear, following an incident or breach, that the organization was supposedly compliant with an industry standard? What gives?

All too often, organizations fall victim to compliance tunnel vision. Compliance efforts drain resources and staff motivation to the point where everyday system monitoring becomes an unfocused task. At one end of the spectrum, there’s the technical staff viewing system monitoring as a mundane activity. At the other end, there’s an overwhelming amount of data being collected with seemingly no intelligent way of analyzing it to identify changes or abnormal behavior relative to predefined policy.

Continuous monitoring is the process of managing and tracking the security state of your systems and infrastructure to determine if the deployed security controls continue to be effective despite the inevitable changes that occur. While automation technologies play a critical role in monitoring the state of system components, a continuous monitoring program must have the following foundational elements to be effective:

  • Well-defined and institutionalized configuration management and control processes for organizational systems.
  • Routine security impact analyses conducted by knowledgeable personnel on proposed or actual changes to organizational systems and environments of operation.
  • Thorough assessment of security controls at a frequency determined by the results of security impact analyses, remediation efforts and residual risks.
  • Accurate and timely security status reporting to appropriate organizational officials.
  • Active involvement by senior organizational officials in the risk management process.

38North takes the worry out of continuous monitoring by developing an actionable continuous monitoring plan based on these components. Our consultants have defined and implemented continuous monitoring strategies and plans for a range of industries and will leverage their field experience to your benefit.

By considering your existing technologies, processes and resources, we’ll design a continuous monitoring program that’s mindful of your budget and constraints. New technologies will only be recommended if existing monitoring technologies are deemed ineffective.

Contact 38North for more information on how we can help implement practical continuous monitoring strategies for your organization.