In the information system continuous monitoring (ISCM) process, during which step is security-related information collected for metrics, assessments, and reporting?


Security-related information is collected for metrics, assessments, and reporting during the implementation of the ISCM program. At this stage, the metrics and processes defined in earlier steps are put to use. This step is crucial because it involves the practical application of monitoring tools and techniques that gather data about the security posture and operational environment of the information systems.

Collecting this information is essential to assess vulnerabilities, identify potential threats, and evaluate risks effectively. It allows organizations to maintain situational awareness regarding their security status and ensures that all relevant data is captured for ongoing evaluation and reporting.

In the initial steps, such as initiating the ISCM program and defining metrics and reporting, strategic planning and metric design take place without actual data collection. The final step, reviewing ISCM effectiveness, focuses on analyzing the information collected during implementation, but does not involve active information gathering. Thus, the implementation phase stands out as the critical point where the actual collection of security-related information occurs.