The following example demonstrates how to apply the continuous monitoring technical reference model to a particular risk management domain. Please read the following article and identify a few key lessons learned from it in relation to the principles and methods you have learned in the case assignment.
NIST (2011). Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains.
Applying continuous monitoring fundamentals, processes, etc. to your own experience offers an opportunity to use what you've learned in the real world. Can you choose a particular information system security domain of your organization or industry and apply what you learned from the case readings and SLP examples? You can choose to assess comprehensively, or you can choose not to cover all the aspects of continuous monitoring but focus on two or three major perspectives and go much more in depth. You can choose the same security domain as in the previous SLP assignment in this course, or start with a new one.
Please write a 2- to 5-page paper titled:
“Continuous Monitoring for ______ (your chosen information system security domain in your chosen organization/industry): Challenges and Solutions”
Please address the following issues:
Your assignment will be graded according to the MSITM SLP Grading Rubric, which aligns with the following expectations. (To see the rubric, go to Assessments>Rubrics. Click the arrow next to the rubric name and choose Preview.)