TY - GEN
T1 - Assessing Information Security Continuous Monitoring in the Federal Government
AU - AlSadhan, Tina
AU - Park, Joon
N1 - Publisher Copyright:
© 2022 Curran Associates Inc. All rights reserved.
PY - 2022
Y1 - 2022
N2 - To confront the relentless and increasingly sophisticated cyber assaults from cybercriminals, nation-state actors, and other adversaries, the U.S. Federal Government must have mechanisms to reduce or eliminate compromise and debilitating consequences. Information Security Continuous Monitoring (ISCM) leverages technology to rapidly detect, analyze, and prioritize vulnerabilities and threats and deliver a data-driven, risk-based approach to cybersecurity. Although monitoring information system security became a requirement for government agencies over 20 years ago and billions of dollars are being spent annually for cybersecurity, ISCM remains at a low maturity level across the Federal Government. The research framework presented is part of ongoing doctoral research. The research seeks to identify the challenges in achieving an effective ISCM program and inform measures needed to optimize ISCM. The research involves conducting an ISCM Program Assessment in a Department of Defense (DoD) organization using the recently published National Institute of Standards and Technology (NIST) ISCM Assessment (ISCMA) methodology and the companion assessment tool ISCMAx. An ISCM doctrine placement is presented, derived from the NIST ISCM assessment elements, to more clearly articulate and visualize the doctrine of a well-designed and well-implemented ISCM program. This research will also contribute to the knowledge base for assessing ISCM in the Federal Government and the functionality of the ISCMAx tool.
KW - continuous monitoring
KW - cybersecurity
KW - security assessment
UR - http://www.scopus.com/inward/record.url?scp=85172882756&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85172882756&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85172882756
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 351
EP - 359
BT - Proceedings of the 21st European Conference on Cyber Warfare and Security, ECCWS 2022
A2 - Eze, Thaddeus
A2 - Khan, Nabeel
A2 - Onwubiko, Cryil
PB - Curran Associates Inc.
T2 - 21st European Conference on Cyber Warfare and Security, ECCWS 2022
Y2 - 16 June 2022 through 17 June 2022
ER -