GCN : June 2013
Full 10 question interview online at: GCN.com/2013ContinuousMonitoring

Knowledge Consulting Group on Continuous Monitoring

Q: What is continuous monitoring and why is it important? How is it different from the "checklist compliance" approach originally required by FISMA?

A: Continuous monitoring is a set of processes and technologies that enumerate an organization's assets and their risk posture, and that provide a continuous feedback loop on risk and the effectiveness of security controls that are in place. It also enables an agency to prioritize remediation actions based on the areas that represent the highest risk to the organization. It's different from FISMA because it's not something that provides just one image of the organization's threat posture at point-in-time intervals. Continuous monitoring, as the name suggests, provides an ongoing and more real-time evaluation of threats. It's an evolution of the FISMA approach in the sense that FISMA checks give a good, strong understanding of the systems an organization has in place and documents those systems. Continuous monitoring also provides that, but then tests the systems regularly to make sure they are properly configured and operating as designed, as far as security controls are concerned.

Q: How does continuous monitoring fit into an agency's larger cybersecurity strategy?

A: It's a critical component of any agency's cybersecurity strategy. Attacks today come from many different actors, arrive through many different paths and have many different goals. All of them have the potential to inflict a great deal of damage on an organization's systems and networks. The security posture of that organization must be continually evaluated to understand where the holes are and how they can be mitigated, and there has to be a way to monitor the activity on the network to understand whether any anomalous activity is occurring.

For many organizations, that will require a radical shift in mentality away from simply preventing intrusions to one where they understand that they can never get to a situation where attacks will never penetrate defenses. There will be intrusions, so you need a way of detecting them and minimizing the damage that occurs. Peripheral defenses are no longer enough. You also need to know what's happening on the network so that you can find that malicious activity before it causes extensive damage.

Matt Brown
Vice President, Homeland Security Programs, Knowledge Consulting Group

Sponsored Content

As attacks on agency networks and assets become ever more divergent and sophisticated, continuous monitoring will be a critical element in an organization's cybersecurity strategy. But it's not an easy thing to implement. Matt Brown, Vice President, Homeland Security Programs, Knowledge Consulting Group describes the various elements of effective continuous monitoring, and why it's not just one more technology program.