• Help drive the U.S. Government continuous monitoring vision through strategic milestones that can be progressively and methodically achieved;
• Delineate roles and responsibilities for the successful realization of continuous monitoring throughout the Department;
• Communicate the projected timeframes, outcomes, end-states, and benefits of continuous monitoring;
• Ensure balance and alignment of technical and non-technical processes, both of which are fundamental for the successful operationalization of continuous monitoring;
• Promote a common language for prioritizing continuous monitoring implementation stages; a systematic structure to guide, track, and measure
are often requested by organization officials such as the Risk Executive, CIO, CISO, and AO, as well as by external Federal entities such as DHS and OMB, because they provide a holistic view of the security posture of the organization and measure the effectiveness of the program. The ISCM Program team will define metrics and security controls that align with the organization's information security goals and identify improvements to the security posture of its systems. Metrics and controls should include security-related information from security status monitoring and security status assessments and should support risk-based decision making. Moreover, the measurement and reporting schedule will need to be adjusted as the program matures and as additional requirements are identified. Current ECMO metrics, as outlined in the table below, will serve as a starting point. The ISCM integrated project team will continue to develop relevant and measurable metrics that support reporting through an executive-level CDM dashboard. Additional information on security controls can be found in Appendix B. The dashboard will summarize security metrics and reporting while continuously providing trend analysis for the organization, and will give management the ability to see the progress or regression of a given system within the cybersecurity continuous monitoring
To the extent possible, organizations should identify, report, and remediate vulnerabilities in a coordinated, organization-wide manner using automated vulnerability and patch management tools and technologies. Vulnerability scanners are commonly used in organizations to identify known vulnerabilities on hosts and networks and on commonly used operating systems and applications. These scanning tools can proactively identify vulnerabilities, provide a fast and easy way to measure exposure, identify out-of-date software versions, validate compliance with an organizational security policy, and generate alerts and reports about identified
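As an added illustration, not part of the original document, of how the dashboard metrics described two paragraphs above can be derived from the scanner output this paragraph describes: the snippet below takes two constructed scan snapshots, measures exposure against a constructed remediation SLA and minimum-version policy, and produces the period-over-period trend a dashboard would chart. The policy values, host names, package versions and finding ids are all assumptions.

```python
from datetime import date

# Constructed policy values, not taken from any real organizational baseline.
REMEDIATION_SLA_DAYS = {"critical": 15, "high": 30, "medium": 90}   # days allowed to fix
MIN_VERSION = {"openssl": (3, 0, 0), "nginx": (1, 24, 0)}            # approved minimums

def out_of_date(software):
    """Names of installed packages below the policy minimum (versions compared numerically)."""
    return sorted(n for n, v in software.items()
                  if n in MIN_VERSION and tuple(int(p) for p in v.split(".")) < MIN_VERSION[n])

def snapshot_metrics(scan, as_of):
    """Summarise one scan run: exposure, SLA-overdue findings, version-policy compliance."""
    hosts = scan["hosts"]
    open_f = [f for h in hosts for f in h["findings"] if not f["fixed"]]
    overdue = [f for f in open_f
               if (as_of - f["first_seen"]).days > REMEDIATION_SLA_DAYS[f["severity"]]]
    return {
        "hosts": len(hosts),
        "hosts_with_open_findings": sum(any(not f["fixed"] for f in h["findings"]) for h in hosts),
        "open_findings": len(open_f),
        "overdue_findings": len(overdue),
        "noncompliant_hosts": sum(bool(out_of_date(h["software"])) for h in hosts),
        "sla_compliance_pct": round(100.0 * (1 - len(overdue) / len(open_f)), 1) if open_f else 100.0,
    }

def trend(prev, curr):
    """Per-metric change between two snapshots; a positive value means the number rose."""
    return {k: curr[k] - prev[k] for k in curr}

# Two constructed scan snapshots of the same two hosts, a little over two weeks apart.
AS_OF_T1, AS_OF_T2 = date(2024, 3, 20), date(2024, 4, 5)
SCAN_T1 = {"hosts": [
    {"name": "web01", "software": {"openssl": "1.1.1", "nginx": "1.24.0"},
     "findings": [{"id": "F-1", "severity": "critical", "first_seen": date(2024, 3, 1), "fixed": False}]},
    {"name": "db01", "software": {"openssl": "3.0.2"},
     "findings": [{"id": "F-2", "severity": "medium", "first_seen": date(2024, 3, 10), "fixed": False}]},
]}
SCAN_T2 = {"hosts": [
    {"name": "web01", "software": {"openssl": "3.0.13", "nginx": "1.24.0"},
     "findings": [{"id": "F-1", "severity": "critical", "first_seen": date(2024, 3, 1), "fixed": True}]},
    {"name": "db01", "software": {"openssl": "3.0.2"},
     "findings": [{"id": "F-2", "severity": "medium", "first_seen": date(2024, 3, 10), "fixed": False},
                  {"id": "F-3", "severity": "high", "first_seen": date(2024, 4, 1), "fixed": False}]},
]}

def example_report():
    """Metrics for both constructed snapshots plus the trend between them (what a dashboard plots)."""
    m1, m2 = snapshot_metrics(SCAN_T1, AS_OF_T1), snapshot_metrics(SCAN_T2, AS_OF_T2)
    return m1, m2, trend(m1, m2)
```

In the first snapshot the critical finding on web01 is 19 days old and past its 15-day SLA, so SLA compliance is 50% and one host runs a below-minimum OpenSSL; by the second snapshot both have been remediated, which the trend shows as a drop in overdue findings and noncompliant hosts.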