Exam CISSP topic 1 question 290 discussion

A. Continous is ongoing.

A. Information Security Continuous Monitoring (ISCM)

A. Information Security Continuous Monitoring (ISCM)

Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf

Answer is correct "Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information. See organizational information security continuous monitoring and automated security monitoring." https://csrc.nist.gov/glossary/term/information_security_continuous_monitoring