ISC2 CGRC domain #7: Continuous monitoring

Graeme Messina
January 13, 2022 by
Graeme Messina

The Certified Authorization Professional (CAP) exam tests many different aspects of information systems. It is important to understand when and why people need access to certain resources, but just as important is continuous monitoring of this access.

Domain 7 focuses on maintaining the changes made to information systems and environments by continuously monitoring systems. Some changes indicate a threat to a system, and as such, monitoring can help to catch a problem before it grows into something much bigger and more serious.

We will cover the exam objectives for domain 7 in this article and explain how it is useful to you for the exam and for applying these skills in your everyday work environment. 

Earn your CGRC, guaranteed!

Earn your CGRC, guaranteed!

Enroll in a CGRC (formerly CAP) Boot Camp and earn one of the industry's most respected certifications — guaranteed.

ISC2 CAP explained

The ISC2 issues the Certified Authorization Professional (CAP) credential to information security professionals that complete the CAP exam. Successful candidates must demonstrate a comprehensive understanding of how to implement a specific policy or a procedure in a given scenario. 

Other areas of competency include best practices related to authorisation and maintaining information systems. The CAP certification material is categorized into seven different domains that cover different aspects of the exam.

The seventh domain of the CAP brings continuous monitoring into focus, and it looks at how information systems maintain access levels through changes to them. This domain is responsible for 16% of the exam, and it has a lot of sections to go through. We will cover them briefly to better understand what is required when you sit down to take the exam.

What is continuous monitoring?

Continuous monitoring describes the processes that need to be followed to set up a system to track changes across your IT environment. It also covers the basics that you will need to follow to perform assessments and audits on an ongoing basis and how you can implement them synergistically with the organization's requirements. Other covered items include supply chain risk analysis, network monitoring vulnerability scanning, log file monitoring and more. 

How will continuous monitoring help my career?

Continuous monitoring is important for anyone who works in an operational environment, not just for authorization roles. Any operations center that maintains servers, network infrastructure, and databases knows how important it is to ensure that all of the systems responsible for maintaining business operations are always monitored. 

Continuous monitoring is not limited to watching dashboards and reading system reports. It also covers the basic communications initiated in an incident, which ties into incident response and critical response to cyber threats. These communications need to be audited and standardized, and the CAP covers these processes and why they are necessary. 

This domain also covers monitoring policies and the data monitored and collected. As each industry changes and evolves with regulatory shifts within the industry or market, so must the continuous monitoring of each organization. This means that you will be involved with much of the organization's planning and reporting of this aspect of information systems. 

Another key aspect of this domain is interdepartmental communications with all stakeholders, such as the legal and security departments, and even third parties such as suppliers. When looking through this section, candidates must also understand privacy policies and updates. 

What's covered in CAP Domain 7 of the exam?

The seventh domain of the CAP looks at the fundamental information gathering around your systems related to monitoring.  

This is one of the shorter exam objectives, with there being only three subsections to cover, but that does not make this any less important. 

You must ensure that you understand how the documentation works within the large context of authorization, information risk, and each system's terms to which authorization is granted. Below are the points covered in more detail for this exam.

The key points covered in Domain 7 of the CAP include:

  • You must be able to determine the impact of changes to information systems and the environment. This means that any additions or revisions that are made to your systems need to be properly tested and approved before taking any action, as well as contingencies and roll-back procedures for failed changes.
  • You must perform ongoing assessments/audits based on organizational requirements. Audits are an ongoing process that is always happening, so you will need to understand what data needs to be collected and managed and what doesn't, depending on the activities you are performing.
  • You will need to review supply chain risk analysis events and monitoring activities such as cyber threat reports, agency reports, news reports. The more information you have at your disposal, the more contingencies and mitigations you will be able to put in place in the event of a security threat.
  • You will actively participate in response planning and communication of cyber events. Communication is key to getting the right team members online and ready to assist whenever needed. To help develop these systems, you must understand the incident response planning of your organization to help construct them effectively.
  • You must revise monitoring strategies based on changes to industry developments introduced through legal, regulatory, supplier, security and privacy updates. Changes are a constant in the world of regulations and compliance, so you must be aware of recent changes as they apply to your areas of operation.
  • Candidates must keep designated officials updated about the risk posture for continuous authorization/approval. This is very important as they are the ultimate decision-makers when business-critical choices need to be made.
  • Decommission information systems. To safely decommission an information system, you must follow specific processes and procedures to ensure that all regulations are followed.

Earn your CGRC, guaranteed!

Earn your CGRC, guaranteed!

Enroll in a CGRC (formerly CAP) Boot Camp and earn one of the industry's most respected certifications — guaranteed.

Getting started with Continuous Monitoring

You will need continuous monitoring any time you are responsible for maintaining audit records and compiling reports. The executives and management teams need to have clear expectations about the information required to properly monitor all of the applicable systems.

All of this must be done in conjunction with proper data security best practices, tight controls, and access to information systems. Continuous monitoring serves as a preventative measure and a record trail for tracking changes to data systems within an organization. 

The CAP will give you all of the basic skills you need to get started with this important information security discipline. 

For more information on the CGRC certification (formerly CAP), check out our CGRC certification hub.


Graeme Messina
Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.