Continuous monitoring: A piece of the IT security puzzle
Continuous monitoring is replacing periodic certification of government information systems as a federal standard for IT security, but it is a means to an end rather than an end in itself, say government security pros.
“Continuous monitoring is a tactic in a larger strategy,” said Ron Ross, senior computer scientist at the National Institute of Standards and Technology.
The larger strategy is a comprehensive approach to the growing number of vulnerabilities, threats and attacks targeting government systems, which have put information security on the Government Accountability Office’s list of high-risk activities since 1997.
To be effective, the systems being monitored must be fundamentally sound, Ross said. Frequently checking a broken lock does not make it any more effective. “We can’t get ourselves out of this problem by counting things faster.”
Agencies must simplify their IT environments through the use of tools such as cloud computing and enterprise architectures to make them more manageable, and then invest in the necessary security to make them resilient.
Ross, who heads NIST’s Federal Information Security Management Act compliance program, made his comments at Symantec’s Government Security Symposium in Washington Nov. 7.
FISMA calls for agencies to monitor the security status of IT systems, but the details of how to do it have been left to the Office of Management and Budget. OMB initially established a requirement for periodic security authorization, with certification and accreditation of IT systems done every 3 years. With the pace of change in IT and in the cyber threat landscape, it has become apparent that this is inadequate, however, and in the past 3 years the focus has shifted toward continuous monitoring of systems as a replacement for triennial reauthorization.
Article source: http://gcn.com/articles/2012/11/16/continuous-monitoring-it-security-puzzle.aspx