Continuous security monitoring is the process of monitoring IT systems (by collecting measurements, reporting and analyzing the results) in order to assess the security level of the organization on a continuous time axis and to see how organizational security performs over time. The related literature contains very limited work on continuously monitoring the security of organizations. This work proposes a continuous security monitoring framework based on a security metrics approach. Moreover, to decrease the burden of implementation, software automation possibilities are introduced. Implementation of the framework in an enterprise environment shows that the proposed process is successful in building an organizational memory and in giving security stakeholders insight into the IT security level of the organization.