GCN : June 2013
Q: When it comes to aggregating and analyzing security data, how do agencies strike the right balance between being comprehensive and not getting overwhelmed?

A: It is important to note that different personnel require different views of data, depending on their role in the security process. For instance, a systems administrator may want to look at the data to see who has access to what, whereas a security officer is interested in recently posted vulnerabilities or information system vulnerability management alerts. The key to any continuous monitoring program is that it provides the right data to the right person at the right time. Continuous monitoring certainly provides that common enclave of data, and then, in theory, you can cut views out of it based on the role someone is playing in the security process. But it requires an understanding of what data various people care about, and so there's a need for the organization as a whole to be able to clearly define those roles and to make sure the technology provides the data they need. And I think that's what agencies need to focus on. For the most part, they have defined the roles people play, and they have defined the kind of data they need to see. The trick is providing the right technology to get them that data. The data may already be there, but the right person doesn't have access to the technology that contains it, so they rely on someone else to pull the data out and send them a report. And if that doesn't happen, that person doesn't get the information they need to fulfill the role they have.

Q: In what ways does continuous monitoring support a risk management approach to cybersecurity? And how can a risk management approach shape a continuous monitoring strategy?

A: Continuous monitoring enables effective risk management by providing a more real-time view of the risk posture of an organization's environment.
With that, executives can make more risk-aware decisions about how to prioritize the resources they need to execute an effective cybersecurity program, and what additional security controls they might need if their risk posture is not at an acceptable level. But a risk management process needs to be in place and ingrained as part of an organization's overall approach to how it does business. A continuous monitoring process can help speed up that intelligence-aware decision-making process for the risk executive, but a well-considered risk management process needs to be there for it to be useful.

Q: To what extent can continuous monitoring help agencies go beyond simply responding to problems and actually help them anticipate and mitigate future threats?

A: By giving you an understanding of your network and how it works, continuous monitoring lets you know what should and should not be on the network, what behaviors are appropriate based on the mission of the agency and what the day-to-day operations of the security environment look like. Gone are the days when security products could be architected to use signatures to identify specific threats so that they can be traced and quarantined. Today's security environment really must rely on more intelligence-driven architectures, as well as be able to identify those anomalous behaviors that alert you to possible exploitation. In that way, continuous monitoring allows you to both know the known and identify the unknown. Because continuous monitoring enables a better understanding of the network, organizations can bring in a different technology to address things that are obviously missing, or they can architect the infrastructure in a different way to protect against them. On the flip side, it also helps them understand the unknowns. That is probably more important, because with the unknowns you often can't tell whether a particular behavior is good or bad.