CA-7(4) Continuous Monitoring | Risk Monitoring
Description
Risk monitoring is informed by the established organizational risk tolerance. Effectiveness monitoring determines the ongoing effectiveness of the implemented risk response measures. Compliance monitoring verifies that required risk response measures are implemented. It also verifies that security and privacy requirements are satisfied. Change monitoring identifies changes to organizational systems and environments of operation that may affect security and privacy risk.
Applicability
The intended audience includes the Chief Information Security Officer (CISO), information resource owners and custodians.
Implementation
TAMU-CC shall ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following:
- Effectiveness monitoring;
- Compliance monitoring; and
- Change monitoring.
Revision History
Last Updated: February 21, 2025
Previous Versions:
- June 29, 2023
- May 31, 2022
- March 25, 2021
- September 16, 2019