WEBVTT

00:00:00.740 --> 00:00:04.380
When you contemplate intelligent monitoring of security controls,

00:00:04.450 --> 00:00:09.350
it's good to introduce ourselves to a standard out there from the

00:00:09.360 --> 00:00:13.880
NIST Special Publication 800-137 world called Information Security

00:00:13.880 --> 00:00:19.230
Continuous Monitoring. Here we are focusing on the capability of a

00:00:19.230 --> 00:00:21.950
continuous improvement process.

00:00:21.960 --> 00:00:26.500
That means that your strategy for information security monitoring

00:00:26.510 --> 00:00:30.620
should be grounded in the organizational risk tolerance and help the

00:00:30.620 --> 00:00:34.820
officials in the organization set priorities and manage risk

00:00:34.820 --> 00:00:37.250
consistently throughout the organization.

00:00:37.540 --> 00:00:39.400
If it's not being measured,

00:00:39.410 --> 00:00:43.120
it most likely means it's not being managed effectively.

00:00:43.130 --> 00:00:47.910
So metrics that provide meaningful indication of security status at all

00:00:47.920 --> 00:00:53.300
organizational tiers are part of ISCM. Ensuring continued effectiveness of the

00:00:53.300 --> 00:01:00.080
security controls is both an objective and also a motivation for being involved

00:01:00.090 --> 00:01:05.430
in Information System Security Monitoring. Verifying that you are compliant

00:01:05.440 --> 00:01:07.290
is part of the monitoring process,

00:01:07.520 --> 00:01:12.240
not just with some given policy or some given guideline,

00:01:12.440 --> 00:01:17.140
but also aligning yourself to a greater degree at a mission

00:01:17.340 --> 00:01:18.950
and business function level.

00:01:19.940 --> 00:01:25.580
The ISCM strategy says that it's going to create an environment that's

00:01:25.580 --> 00:01:30.170
very transparent, so the measurability of what's going on with the

00:01:30.170 --> 00:01:34.730
controls that you're monitoring should actually be publishable

00:01:34.730 --> 00:01:37.810
internally to all levels of the organization.

00:01:37.820 --> 00:01:41.370
You also need to make sure that anything that happens inside of your

00:01:41.370 --> 00:01:45.420
monitoring world that represents a modification or a change goes

00:01:45.420 --> 00:01:49.210
through the proper change management that was discussed in the

00:01:49.210 --> 00:01:51.470
previous clips of the last module.

00:01:51.480 --> 00:01:56.610
It also means that as you are carrying out your ISCM that you have

00:01:56.620 --> 00:02:01.130
a continuous awareness of threats and vulnerabilities that are

00:02:01.140 --> 00:02:03.760
evident in the operations of your world.

00:02:03.840 --> 00:02:04.370
Next,

00:02:04.380 --> 00:02:08.009
let's look at one of the items of monitoring that

00:02:08.009 --> 00:02:10.720
includes log capture and analysis.
