How to Implement Continuous Monitoring and Improve Your Agency’s Security Posture
Security hazards are a fact of life and the public sector is a leading target for attacks. Despite progress and increased risk awareness, government hacks and security breaches are skyrocketing. There were almost 61,000 attacks on the federal government in 2013.
Capitol Hill lawmakers are taking note. In December 2014, President Obama signed five new cybersecurity measures into law – the first time in 12 years that any significant cybersecurity legislation has received a Presidential signature.
Legal measures aside, the actual business of protecting government infrastructure assets is a difficult and complex undertaking that agencies can’t do alone. With this challenge in mind, the federal government has undertaken an unprecedented effort to bring unity to the disparate information security systems in place across civilian agencies. Headed by the Department of Homeland Security, the Continuous Monitoring and Mitigation (CDM) program is designed to provide civilian agencies with tools and processes to help them gain better visibility into their networks, identify cyber flaws, and put a fix in place fast.
What is Continuous Monitoring?
Instead of relying on point solutions like anti-virus or intrusion detection software that struggle to stop advanced threats, continuous monitoring (CM) supplements these traditional tools with a multi-pronged approach that helps agencies become more proactive in addressing threats. Using intelligent metrics, agencies can start to connect the dots, identify unusual activity before it strikes, and put a plan in place to mitigate risk.
The National Institute of Standards and Technology (NIST),* which plays a key role in defining a best practice approach for CM, defines it as the ongoing awareness of information security, vulnerabilities, and threats to facilitate risk-based decision making:
- CM involves the ongoing assessment and analysis of the effectiveness of all security controls
- CM provides ongoing reporting on the security posture of information systems
- CM supports risk management decisions to help maintain organizational risk tolerance at acceptable levels
*Source: Continuous Monitoring in a Risk Management Framework, U.S. Census Bureau, 2012
How to Implement CM
Meeting your agency’s CM requirement can be a challenge. Creating highly beneficial and secure systems across silos of hardware, software, and services isn’t easy.
Don’t let this deter you though; CM is a must-have. It provides an automated process that can greatly increase an organization’s security posture and give staff real-time security information that can be acted on according to policies and standards. CM is also a regulatory requirement – FISMA requires it and OMB policy necessitates that agencies implement CM by 2017.
The DHS CDM program can help and it’s worth checking out whether your agency can qualify and take advantage of it. Industry can help too. The Symantec Continuous Monitoring Solution, for example, can do much of the heavy-lifting by providing a process that guides your agency toward meeting its CM requirement. (It should be noted that Symantec’s tools are used to support the DHS CDM program).
Agencies should also refer to CAESARS, aka the Continuous Asset Evaluation, Situational Awareness, and Risk Scoring, which gives guidance from the DHS on how to implement CM. CAESARS is an end-to-end integrated approach based on the NIST Risk Management Framework. Symantec’s products can be used to support CAESARS and deliver the actual services and functions that bring the architecture to life.
Implementing CM – the process and its benefits – is discussed fully in Continuous Monitoring for Dummies, an eBook published by Symantec and DLT Solutions. Download your free copy and learn how to make the most of federal and industry best practices and solutions.