Assessing Information Security Continuous Monitoring in the Federal Government

Authors

  • Tina AlSadhan, Syracuse University
  • Joon Park, Syracuse University

DOI:

https://doi.org/10.34190/eccws.21.1.281

Abstract

To confront the relentless and increasingly sophisticated cyber assaults from cybercriminals, nation-state actors, and other adversaries, the U.S. Federal Government must have mechanisms to reduce or eliminate compromise and debilitating consequences. Information Security Continuous Monitoring (ISCM) leverages technology to rapidly detect, analyze, and prioritize vulnerabilities and threats and deliver a data-driven, risk-based approach to cybersecurity. Although monitoring information system security became a requirement for government agencies over 20 years ago and billions of dollars are being spent annually for cybersecurity, ISCM remains at a low maturity level across the Federal Government. The research framework presented here is part of ongoing doctoral research. The research seeks to identify the challenges in achieving an effective ISCM program and to inform the measures needed to optimize ISCM. The research involves conducting an ISCM Program Assessment in a Department of Defense (DoD) organization using the recently published National Institute of Standards and Technology (NIST) ISCM Assessment (ISCMA) methodology and the companion assessment tool ISCMAx. An ISCM doctrine placement is presented, derived from the NIST ISCM assessment elements, to more clearly articulate and visualize the doctrine of a well-designed and well-implemented ISCM program. This research will also contribute to the knowledge base for assessing ISCM in the Federal Government and the functionality of the ISCMAx tool.

Author Biographies

Tina AlSadhan, Syracuse University

Ms. Tina AlSadhan has over 25 years of experience working in Information Technology and Cyber Security within the United States Department of Defense. She holds the following professional certifications: CISSP, CISA, and CISM. She is presently working towards a doctorate degree with her research focused on Cyber Security, specifically, Information Security Continuous Monitoring, in the United States Federal government.

Joon Park, Syracuse University

Dr. Joon S. Park is a Professor at the School of Information Studies (iSchool), Syracuse University, Syracuse, New York, USA. Over the past decades Prof. Park has been involved with theoretical/practical research, education, and services in information and systems security. He is Syracuse University’s Point of Contact (POC) for the Center of Academic Excellence (CAE) in Information Assurance/Cyber Defense programs, which are designated by the National Security Agency (NSA) and the Department of Homeland Security (DHS).

Published

2022-06-08