Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. What are the essential elements required for continuous monitoring?
Each correct answer represents a complete solution. Choose all that apply.
A.
Ongoing assessment of system security controls
B.
Security tools definition
C.
Security status monitoring and reporting
D.
Security impact analyses
E.
Configuration management and change control
Explanation:
Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk managementdecisions. Following are the four essential elements required for continuous monitoring:
Configuration management and change control
Security impact analyses
Ongoing assessment of system security controls
Security status monitoring and reporting