The ability for commanders to know and understand an organizational attack surface, its vulnerabilities, and associated risks is a fundamental aspect of command decision-making. In the cyberspace domain, it is paramount to perform ongoing monitoring sufficient to ensure effectiveness of security controls and designed to deliver crucial information that facilitates real-time, data-driven risk management decisions.
This article first appeared in the National Security Agency’s Cyber Security & Information Systems Information Analysis Center (CSIAC) Journal.
