Assessing Information Security Continuous Monitoring in the Federal Government

Tina AlSadhan, Joon Park

Research output: Chapter in Book/Entry/PoemConference contribution


To confront the relentless and increasingly sophisticated cyber assaults from cybercriminals, nation-state actors, and other adversaries, the U.S. Federal Government must have mechanisms to reduce or eliminate compromise and debilitating consequences. Information Security Continuous Monitoring (ISCM) leverages technology to rapidly detect, analyze, and prioritize vulnerabilities and threats and deliver a data-driven, risk-based approach to cybersecurity. Although monitoring information system security became a requirement for government agencies over 20 years ago and billions of dollars are being spent annually for cybersecurity, ISCM remains at a low maturity level across the Federal Government. This research framework presented is part of ongoing doctoral research. The research seeks to identify the challenges achieving an effective ISCM program and inform measures needed to optimize ISCM. The research involves conducting an ISCM Program Assessment in a Department of Defense (DoD) organization using the recently published National Institute of Standards and Technology (NIST) ISCM Assessment (ISCMA) methodology and the companion assessment tool ISCMAx. An ISCM doctrine placement is presented, derived from the NIST ISCM assessment elements, to more clearly articulate and visualize the doctrine of a well-designed and well-implemented ISCM program. This research will also contribute to the knowledge base for assessing ISCM in the Federal government and the functionality of the ISCMAx tool.

Original languageEnglish (US)
Title of host publicationProceedings of the 21st European Conference on Cyber Warfare and Security, ECCWS 2022
EditorsThaddeus Eze, Nabeel Khan, Cryil Onwubiko, Cryil Onwubiko
PublisherCurran Associates Inc.
Number of pages9
ISBN (Electronic)9781914587405
StatePublished - 2022
Event21st European Conference on Cyber Warfare and Security, ECCWS 2022 - Chester, United Kingdom
Duration: Jun 16 2022Jun 17 2022

Publication series

NameEuropean Conference on Information Warfare and Security, ECCWS
ISSN (Print)2048-8602
ISSN (Electronic)2048-8610


Conference21st European Conference on Cyber Warfare and Security, ECCWS 2022
Country/TerritoryUnited Kingdom


  • continuous monitoring
  • cybersecurity
  • security assessment

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Assessing Information Security Continuous Monitoring in the Federal Government'. Together they form a unique fingerprint.

Cite this