https://informationsecurity.report/Resources/Whitepapers/7fe7ac01-3507-43ab-b26f-7186af381c86_ContinuousMonitoring2012.pdf
whitepaper
CONTINUOUS MONITORING OF INFORMATION SECURITY
Information security centers on risk management — estimating and measuring risks, defining risk avoidance strategies, controlling and mitigating risks, and reporting on risks. At the end of the risk management cycle is one critical step: monitoring security (hence, monitoring risk). Security monitoring entails examining all of an organization’s risk controls, mitigations and policies and answering one key question: Are they collectively effective at managing risk?
Over time, the information security industry has been wrenched back and forth by legislative interest in compliance. Together, the Sarbanes–Oxley Act (SOX) of 2002 and, to a lesser extent, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 have completely reshaped information security monitoring