CA-7 Continuous Monitoring

Last Review: 10/1/22

Statement

The CIO and ISO will maintain a set of metrics to be continuously monitored. This shall include the frequency of the reviews and the manner in which they shall be reported.

Applicability

This control applies to all West Texas A&M information resources. The intended audience for this control includes all information resource owners and custodians as well as the ISO.

Implementation

The ISO and system custodians shall develop a continuous monitoring strategy and implement a continuous monitoring program that includes:

  • Establishment of the information resource metrics to be monitored;
  • Establishment of a methodology for monitoring and a methodology for assessments supporting such monitoring;
  • Ongoing security control assessments in accordance with the university's continuous monitoring strategy;
  • Ongoing security status monitoring of university-defined metrics in accordance with the university's continuous monitoring strategy;
  • Correlation and analysis of security-related information generated by assessments and monitoring;
  • Response actions to address results of the analysis of security-related information; and
  • Reporting the security status of the university and information resources to the CIO annually.

The ISO shall ensure risk monitoring is part of the continuous monitoring strategy that is employed. This shall include:

  • Effectiveness monitoring
  • Compliance monitoring
  • Change monitoring
