“Continuous monitoring” is a key element in FISMA compliance reform, and it’s important not only to those who work for the government but also to those whose companies do business with the government or operate systems classified as critical infrastructure. It’s all about automation of security assessment, but the public and private sectors aren’t approaching it in the same way – and that’s not good. Read this interesting article by Dr. Mike Lloyd (and look for the follow-up article) to find out more:
http://www.securityweek.com/continuous-monitoring-and-confusion-it-causes