GCN : June 2013
Tripwire on Continuous Monitoring

Q: What is continuous monitoring and why is it important? How is it different from the "checklist compliance" approach originally required by FISMA?

A: The original FISMA compliance approach was considered flawed because it addressed verification of controls infrequently and without focus on the appropriateness and functionality of those controls. The "checklist" approach assumes a certain mechanical nature to cybersecurity that can result in systems being considered compliant but actually not secure. The re-focus of FISMA on continuous monitoring is designed to address these shortcomings.

Continuous monitoring involves an ongoing security risk and control assessment -- examining both control behavior and appropriateness. It says that controls should be constantly examined to ensure they are sufficient and working correctly. It also implies a feedback loop so that security information will be assessed in aggregate, providing deeper analytics to spot trends and correlations and to improve awareness.

Continuous monitoring requires some significant changes -- primarily a reliance on automation and the integration of controls. By adding the element of automation, "periodic" scanning -- whether for patch-related vulnerabilities, configuration errors or logging failures -- becomes "continuous," with the ability to show trends and improvements over time. Control integration describes the ability for controls to support one another rather than work in isolated silos. This is very powerful because it improves the ability of the organization to react and contain incidents. This is how continuous monitoring becomes a production-ready reality rather than an interesting concept.

Q: How does continuous monitoring fit into an agency's larger cybersecurity strategy?
A: With continuous monitoring as a guiding principle and core to the security program, an agency is forced to think in terms of security management rather than just "stopping exploits" or "catching criminals." Security management typically involves several elements:

mandates processes such as threat awareness and vulnerability scanning

All of these elements might be in place now, but continuous monitoring requires greater coordination of information and the reassessment of the strategy on an ongoing basis. Agencies are well-advised to develop

Sponsored Content

Elizabeth Ireland, Vice President of Product Marketing, Tripwire

Continuous monitoring is not just a security solution. It's also a risk management discipline that can help an organization understand how best to invest its limited time and money protecting its systems and networks. Elizabeth Ireland, Vice President of Product Marketing at Tripwire, explains how agencies can fully leverage their continuous monitoring system to safeguard their systems against both current and emerging threats.

Full 10 question interview online at: GCN.com/2013ContinuousMonitoring