Information Security: State Has Taken Steps to Implement a Continuous Monitoring Application, but Key Challenges Remain

Citation
Government Accountability Office, Information Security: State Has Taken Steps to Implement a Continuous Monitoring Application, but Key Challenges Remain (GAO-11-149) (July 2011) (full-text).

Overview
The Department of State has implemented a custom application called iPost and a risk scoring program that are intended to provide continuous monitoring of information security risk for elements of its information technology (IT) infrastructure. Continuous monitoring can facilitate nearer real-time risk management and represents a significant change in the way information security activities have been conducted in the past.

The GAO was asked to determine (1) the extent to which the State Department has identified and prioritized risk to the department in its risk scoring program; (2) how agency officials use iPost information to implement security improvements; (3) the controls for ensuring the timeliness, accuracy, and completeness of iPost information; and (4) the benefits and challenges associated with implementing iPost.