Continuous Monitoring: How to Get Past the Complexity
What exactly is continuous monitoring - and why is it so hard for organizations to get it right?
It is one of the most discussed and least understood concepts in enterprise risk management today. Fundamentally, continuous monitoring is about deploying systems to examine all of the transactions and data processed in different applications and databases, ensuring that patches are applied, that proper controls are in place and that all known (and even unknown) vulnerabilities have been addressed within an acceptable risk threshold.
But in this session, you will go beyond the fundamentals and learn first-hand from a leading expert:
- How to establish a successful continuous monitoring program;
- Technology and personnel requirements that might be easily overlooked;
- How to overcome the obstacles that have prevented other organizations from achieving maximum benefits from continuous monitoring.
Continuous monitoring fits into the six steps of the Risk Management Framework described in guidance issued by the National Institute of Standards and Technology, whose stated objective for this step is to determine whether deployed security controls remain effective as changes inevitably occur to IT systems.
But what exactly is continuous monitoring, and how do organizations come to understand and embrace the concept, then derive value from the practice?
The concept traces its roots to traditional auditing processes, but goes further than a periodic snapshot audit by putting in place frequent examination of transactions and controls, so weaknesses can be corrected or replaced before they can do damage. Continuous monitoring systems should examine all of the transactions and data processed in different applications and databases, testing for inconsistencies, duplication, errors, policy violations, missing approvals, incomplete data and other possible breakdowns in internal controls.
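The checks listed above (inconsistencies, duplicates, policy violations, missing approvals, incomplete data) are easy to describe and easy to get subtly wrong. The following Python is an added example, not material from the webinar or its presenter: it runs a small continuous-control-monitoring pass over a constructed batch of payment records and reports each control breakdown it finds. The record fields, the approval threshold and the separation-of-duties rule are assumptions chosen for illustration, not rules from the page.

```python
"""Added example: a minimal continuous-control-monitoring pass over transaction records.

Everything here is constructed for illustration: the record layout, the approval
threshold, the separation-of-duties rule and the sample data are assumptions.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Assumed policy: payments above this amount must carry a named approver.
APPROVAL_THRESHOLD = 10_000
# Assumed minimum data a record must carry to be considered complete.
REQUIRED_FIELDS = ("id", "vendor", "amount", "currency", "status")


@dataclass
class Finding:
    record_id: str   # which transaction the finding refers to
    control: str     # which control broke down
    detail: str      # human-readable explanation


def check_records(records: List[Dict]) -> List[Finding]:
    """Run every control check over every record and return all findings."""
    findings: List[Finding] = []
    # Duplicate detection key: the same vendor, amount and invoice seen more than once.
    dup_keys = Counter((r.get("vendor"), r.get("amount"), r.get("invoice")) for r in records)

    for r in records:
        rid = str(r.get("id", "<missing id>"))
        amount = r.get("amount")
        approver = (r.get("approver") or "").strip()
        requester = (r.get("requester") or "").strip()

        # Incomplete data: any required field empty or absent.
        missing = [f for f in REQUIRED_FIELDS if r.get(f) in (None, "")]
        if missing:
            findings.append(Finding(rid, "incomplete_data", "missing fields: " + ", ".join(missing)))

        # Duplication: same vendor/amount/invoice submitted more than once.
        seen = dup_keys[(r.get("vendor"), amount, r.get("invoice"))]
        if seen > 1:
            findings.append(Finding(rid, "duplicate", f"same vendor/amount/invoice seen {seen} times"))

        # Inconsistency: a payment amount that cannot be right.
        if isinstance(amount, (int, float)) and amount <= 0:
            findings.append(Finding(rid, "inconsistency", f"non-positive amount {amount}"))

        # Missing approval: above threshold with no approver recorded.
        if isinstance(amount, (int, float)) and amount > APPROVAL_THRESHOLD and not approver:
            findings.append(Finding(rid, "missing_approval",
                                    f"amount {amount} exceeds {APPROVAL_THRESHOLD} with no approver"))

        # Policy violation (assumed separation-of-duties rule): no self-approval.
        if approver and approver == requester:
            findings.append(Finding(rid, "policy_violation", "requester approved their own transaction"))

    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per control, the figure a monitoring dashboard would trend over time."""
    return dict(Counter(f.control for f in findings))


# Constructed sample batch; each comment states the breakdown it is meant to trigger.
SAMPLE_RECORDS = [
    {"id": "T1", "vendor": "Acme", "amount": 2500, "currency": "USD", "status": "paid",
     "invoice": "INV-001", "requester": "alice", "approver": "bob"},      # duplicated by T2
    {"id": "T2", "vendor": "Acme", "amount": 2500, "currency": "USD", "status": "paid",
     "invoice": "INV-001", "requester": "alice", "approver": "bob"},      # duplicate of T1
    {"id": "T3", "vendor": "Globex", "amount": 15000, "currency": "USD", "status": "pending",
     "invoice": "INV-002", "requester": "carol", "approver": ""},         # missing approval
    {"id": "T4", "vendor": "Initech", "amount": 12000, "currency": "USD", "status": "paid",
     "invoice": "INV-003", "requester": "dave", "approver": "dave"},      # self-approval
    {"id": "T5", "vendor": "", "amount": -40, "currency": "", "status": "paid",
     "invoice": "INV-004", "requester": "erin", "approver": "frank"},     # incomplete + inconsistent
]


if __name__ == "__main__":
    results = check_records(SAMPLE_RECORDS)
    for f in results:
        print(f"{f.record_id:>3}  {f.control:<17} {f.detail}")
    print("summary:", summarize(results))
```

Run as a script it lists six findings across the five records. The design point is that each control is an independent, explicit rule that can fire alongside the others, so a record such as T5 surfaces both its missing fields and its impossible amount; a monitoring program trends the per-control counts from `summarize` over time rather than reviewing records one by one.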
Simply, continuous monitoring contributes to helping organizations make better risk decisions as part of a comprehensive security program.
In practice, organizations today employ continuous monitoring in a variety of domains, including vulnerability, patch, event, incident, asset, configuration, network, license and information management; malware detection; and software assurance.
A well-designed and well-managed continuous monitoring program can effectively transform an otherwise static and occasional security control assessment and risk determination process into a dynamic process that provides essential, near real-time security status information. That information can be used to take appropriate risk mitigation actions and make cost-effective, risk-based decisions regarding the operation of an organization's information systems. A continuous monitoring program allows an organization to track the security state of an information system on an ongoing basis and maintain the security authorization for the system over time. Understanding the security state of information systems is essential in highly dynamic environments of operation with changing threats, vulnerabilities, technologies, and missions/business processes.
But how do organizations get there? That is the challenge - to get beyond the perceived complexity and create an effective continuous monitoring program.
Presenter Dwayne Melancon, an industry expert on continuous monitoring, will discuss:
- NIST's view of continuous monitoring as well as guidelines and requirements for government agencies and specific industries to implement it;
- How to establish a continuous monitoring strategy;
- A step-by-step roadmap to integrate continuous monitoring into your organization's Risk Management Framework;
- How continuous monitoring will help your organization defend against breaches, gain IT system efficiencies, improve availability and prepare for audits.