Continuous Monitoring of Incident Response Program

An important characteristic of program maturity is continuous monitoring by management. This means leaders of the program establish performance indicators, aligned with management’s expectations, and these indicators are reviewed regularly. In the Program Review for Information Security Assurance (PRISMA), these actions are captured in the measured and managed categories. Metrics are developed, and management reviews performance of the program, to confirm that it meets the organization’s needs. The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-137¹ was created to outline how federal agencies should develop continuous monitoring. These guidelines are useful for developing continuous monitoring inside any organization, and they are especially important for monitoring the performance of the incident response program. The key pieces of continuous monitoring include:

• Defining a continuous monitoring strategy
• Establishing a continuous monitoring program
• Implementing the program
• Analyzing and reporting findings
• Responding to findings
• Reviewing and updating the strategy and program

¹ Kelley Dempsey et al., “Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations,” NIST SP 800-137, September 2011.

© Eric C. Thompson 2018. E. C. Thompson, Cybersecurity Incident Response, https://doi.org/10.1007/978-1-4842-3870-7_10


Chapter 10: Continuous Monitoring of Incident Response Program

So even here, where a process is established to continually monitor the security program and, more specifically, the incident response program, a step exists to review and update the monitoring program itself, the very program responsible for reviewing and updating key processes. This pushes the program toward a data-driven model. Evaluating performance against established benchmarks, adjusting where necessary, and monitoring progress period by period are the keys to effectiveness. In this scenario, in which the NIST Cybersecurity Framework was adopted as the foundation of the cybersecurity program, continuous monitoring focuses on the Detect, Respond, and Recover Functions. To understand how to apply NIST SP 800-137, this chapter steps through the fundamental concepts and processes of continuous monitoring. Then these concepts are applied to the cybersecurity environment discussed in Chapters 2 and 3.
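To make the data-driven model concrete, the following Python example (added here; it is not code from the book or from NIST) scores constructed incident records against management-set benchmarks for the Detect, Respond, and Recover Functions, period by period, and lists which Functions missed their target in the latest period so that a response can be planned. The incident fields, the 24/8/72-hour benchmarks, and monthly reporting periods are assumptions chosen for illustration; an organization would substitute its own indicators and targets.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean


@dataclass(frozen=True)
class Incident:
    """One closed incident with the four timestamps the indicators are built from."""
    incident_id: str
    occurred: datetime    # when the activity began, established during analysis
    detected: datetime    # Detect: first alert or report
    contained: datetime   # Respond: spread stopped
    recovered: datetime   # Recover: service restored to normal


# Benchmarks in hours per CSF Function. Assumed values, not taken from the book.
BENCHMARKS_HOURS = {"Detect": 24.0, "Respond": 8.0, "Recover": 72.0}


def hours_between(start, end):
    return (end - start).total_seconds() / 3600.0


def indicators(incidents):
    """Mean hours to detect, to contain after detection, and to recover after containment."""
    return {
        "Detect": mean(hours_between(i.occurred, i.detected) for i in incidents),
        "Respond": mean(hours_between(i.detected, i.contained) for i in incidents),
        "Recover": mean(hours_between(i.contained, i.recovered) for i in incidents),
    }


def by_period(incidents):
    """Group incidents by the month (YYYY-MM) in which they were detected, oldest first."""
    periods = {}
    for inc in incidents:
        periods.setdefault(inc.detected.strftime("%Y-%m"), []).append(inc)
    return dict(sorted(periods.items()))


def evaluate(incidents, benchmarks=BENCHMARKS_HOURS):
    """Per-period findings: each indicator against its benchmark and against the prior period."""
    report, previous = [], None
    for period, incs in by_period(incidents).items():
        current = indicators(incs)
        findings = {}
        for func, value in current.items():
            change = None if previous is None else round(value - previous[func], 1)
            findings[func] = {
                "value_h": round(value, 1),
                "target_h": benchmarks[func],
                "meets_target": value <= benchmarks[func],
                "change_h": change,  # positive means slower than the prior period
            }
        report.append({"period": period, "incidents": len(incs), "findings": findings})
        previous = current
    return report


def latest_actions(report):
    """Functions that missed their benchmark in the most recent period; these need a response."""
    if not report:
        return []
    return [func for func, f in report[-1]["findings"].items() if not f["meets_target"]]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample records for illustration; not real incidents.
SAMPLE_INCIDENTS = [
    Incident("INC-2018-001", _ts("2018-01-03 08:00"), _ts("2018-01-04 20:00"),
             _ts("2018-01-05 02:00"), _ts("2018-01-07 02:00")),
    Incident("INC-2018-002", _ts("2018-01-10 00:00"), _ts("2018-01-10 12:00"),
             _ts("2018-01-10 22:00"), _ts("2018-01-12 22:00")),
    Incident("INC-2018-003", _ts("2018-02-02 00:00"), _ts("2018-02-02 10:00"),
             _ts("2018-02-02 14:00"), _ts("2018-02-07 14:00")),
    Incident("INC-2018-004", _ts("2018-02-14 00:00"), _ts("2018-02-14 06:00"),
             _ts("2018-02-14 12:00"), _ts("2018-02-16 12:00")),
]


if __name__ == "__main__":
    report = evaluate(SAMPLE_INCIDENTS)
    for row in report:
        print(f"{row['period']} ({row['incidents']} incidents)")
        for func, f in row["findings"].items():
            status = "OK  " if f["meets_target"] else "MISS"
            trend = "" if f["change_h"] is None else f" ({f['change_h']:+.1f} h vs prior)"
            print(f"  {status} {func:7} {f['value_h']:6.1f} h  target {f['target_h']:.0f} h{trend}")
    print("Needs response:", latest_actions(report))
```

With the constructed data, January meets all three benchmarks, February improves detection and response but misses the recovery target, and `latest_actions` returns `["Recover"]`, which is the kind of finding the "respond to findings" step acts on. Feeding the same evaluation each period, with the benchmarks adjusted when management changes its expectations, is the review loop the chapter describes.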

Components of Continuous Monitoring

All NIST publications, and SP 800-137 is no different, are ideal for laying the groundwork for effective development of processes and procedures. Monitoring the incident response program is important enough that it should begin from an established foundation. The components are:

• Define a monitoring strategy.
• Establish the monitoring program.
• Implement the monitoring program.
• Analyze and report findings.
• Review findings.
• Review and update the continuous monitoring strategy.

NIST (SP) 800-137 aligns with the risk management program guidelines published in (SP) 80