Continuous monitoring (CM) begets a process of continuous improvement that works to reduce attack surface and improve security posture, according to the 2016 SANS survey on CM conducted during the months of July to September. In it, 63% of respondents said CM was improving their security posture.
The road to improvement should start with asset and inventory management, and then move to assessing the organization’s capabilities. Can processes be improved? Can present tools do the job? Organizations should measure effectiveness against metrics, such as those defined by the CIS publication, Measurement Companion to the CIS Critical Security Controls.3 These and other CM program components are covered in the following pages.
Download this whitepaper to find out more.