One analogy that describes the movement toward awareness is to think of system managers as Air Traffic Controllers in action. Currently, Continuous Monitoring is employed by systems owners like the big boards in the arrival terminals at airports. The boards are packed with lists of arriving and departing flights and their status. The board shows the airline, the flight number, departure city or destination, departing or arriving gate, departing or arriving time and the flight’s status: “On Time”, “Delayed” or “Cancelled.”

Now let’s take a page out of the history books and suggest that the airport is socked in with a sudden blast of winter weather in the form of a Nor’easter. As the family member who has drawn the assignment of picking up the mother-in-law from the airport, you prudently checked the status of her flight before you made the 50-minute drive to the airport through worsening traffic conditions. The flight’s status shows en route and on time.

Now that you have completed your trek to the airport, parked and trudged into the airport’s baggage claim area, you again check the flight status. Now the board shows that the flight is “Delayed.” What’s next? You don’t know whether to return to your car and go home or to grab a snack and hunker down for a wait as the airport struggles to stay ahead of the inclement weather by plowing and treating the surfaces.
Your hope is that inbound flights work their way around the storm and will be arriving very soon – they have to arrive sometime soon, right?

Read the whole whitepaper at https://www.treadstone71.com/whitepapers/ContinuousMonitoringAccordingtoFISMA%20-%20Steve%20Polk.pdf

Contact Steve at ESPolk@GMail.com