Reflection
The NIST Risk Management Framework provides an excellent framework to promote near real-time risk management and ongoing information system authorization. It gives senior leaders the information they need to make cost-effective, risk-based decisions, and it establishes responsibility and accountability for security controls. (NIST SP 800-37 r1, p. 1-2)
I learned that continuous monitoring of all assets is possible. With Tenable Network Security’s SecurityCenter Continuous View, I can continuously monitor our network for data leakage. It provides visibility of which devices behind the firewall are communicating with potentially risky cloud storage services. Knowing which devices (IP addresses) have been using popular cloud storage services is very useful. However, also having visibility into unencrypted protected/proprietary content being stored on devices and being transferred to or from the cloud, plus having visibility into the devices’ vulnerabilities, provides much more insight into risk. (Tenable Network Security, 2015)
Guide for Applying the Risk Management Framework to Federal Information Systems. (2010, February). NIST Special Publication 800-37r1. Gaithersburg, MD: National Institute of Standards and Technology.
Tenable Network Security, Inc. (2015, April). Eliminating Cybersecurity Blind Spots. (p. 9-10)