GCN : June 2013
cybersecurity strategies that take each of these areas into consideration. Agency strategy will involve refinement of capabilities of tools and staff to meet these goals. The tools used by agencies will have to support functionality such as enhanced alerting, reporting and support of federal standards. In turn, these tools will enable security staff to achieve greater communication of threat and risk and to assess security in a more timely fashion.

Q: When it comes to aggregating and analyzing security data, how do agencies strike the right balance between being comprehensive and not getting overwhelmed?

A: It is true that security tools can generate a huge volume of security data, and so there needs to be a balance between monitoring enough and too much. But volume is not really the problem. The only problem is when you can't identify patterns or see correlations between events. The solution is to better focus the continuous monitoring practices. For instance, it is important to establish a baseline of known good-state data and focus on anomalies. In this way, as new data is added, it does not "overwhelm" operations. The key is developing correlation rules that can turn more data into more knowledge and provide greater opportunity of identifying patterns or connections between information sources.

This topic also brings up the issue of developing good practices around change management. When automation is used to help the change management process, approved changes can be routinely tracked and reconciled with log data so that the unapproved or questionable changes stand out. This, again, avoids overwhelming an organization with data and promotes mature security practices.

Q: In what ways does continuous monitoring support a risk management approach to cybersecurity? And how can a risk management approach shape a continuous monitoring strategy?

A: At a business level, risk reduction and security management is the real goal, and continuous monitoring is a key methodology supporting that. It's not surprising that risk management and continuous monitoring go hand-in-hand in federal plans for the enhancement of cybersecurity. In fact, risk management is part of the proposed enhancement of the FISMA program, requiring agencies to better identify and assess risks as part of their cybersecurity efforts.

But continuous monitoring is more than just a policy decision. From an operational perspective, continuous monitoring provides a feedback mechanism so that you can know if the risks you assessed are being correctly mitigated. This is because the goals of continuous monitoring are directly related to risk management. The results of a continuous monitoring effort will be the confirmation of threat and vulnerabilities to the organization -- and sometimes the identification of new threats. And it follows that the analysis of threat and situational data, conducted as part of risk management, informs the focus and tailoring of the continuous monitoring program.

Q: To what extent can continuous monitoring help agencies go beyond simply responding to problems and actually help them anticipate and mitigate future threats?

A: Despite the fact that "monitoring" is often seen as a passive activity, continuous monitoring is fundamentally a proactive discipline. It continually seeks out weaknesses, continually shores them up, and when done well, continually balances mitigating risk with the productivity of the agency and its overall mission. For instance, part of continuous monitoring is the tracking and trending of incidents and control behavior. This means that changes in threat actors, tactics and strategy can possibly be seen in real-time monitoring. This will provide ways to better understand and manage the threat of attack, lessening the risk and possibly eliminating the threat actor.

A critical outcome of agency engagement with the practice of continuous monitoring will be the development of new skills in cyber analysis and adaptation of security controls. Over the next few years, the biggest advances in security will come from having powerful new security products to monitor operations and the staff who know how to use them. Those skills will always be valuable because we see significant new threats that come with each new technology and advancement. As agencies make new investments in IT capability, it will be critical that they have the ability to predict threats and design security into systems, as well as to detect and respond to attacks.