Layer 7
Audit & Continuous Monitoring
Perhaps the most famous and most feared part of compliance is the process of demonstrating it to those who weren’t involved with the sensitive activity.
An Audit is a formal, opinionated review of an organization's policies and posture. Because an audit is an approximation of compliance posture at a point in time, its outcome is a firm assertion grounded in observations of the evidence available or the facts gathered during that window. Audits may have a variety of scopes, and may involve forming opinions on the guidance an organization follows, the controls it writes, the policies it implements, its evaluation methods, and its enforcement status. The opinion is typically informed by a combination of the regulatory requirements of the relevant jurisdictions and known best practices for the industry and resources involved.
Audits are typically conducted in batches, and look for point-in-time evidence collected during an evaluation activity. Traditionally, audits have favored manual intent evaluations due to their simplicity and predictability, but cybersecurity audits are increasingly integrating automated tools for both intent and behavioral evaluation.
Continuous Monitoring is a multi-system process designed to collect evaluation and telemetry data on an ongoing basis, in order to better detect malicious action, enable remediation activities, and observe trends over time. This is also known as continuous compliance monitoring, or "CCM."
Mature CCM operations establish a constant, ongoing, policy-driven process that harnesses multiple systems to ensure maximum visibility of all deployed assets at all times. A physical equivalent might be constant security patrols, live video surveillance, and active perimeter guards.