Application Security Inc. - Database Security, Monitoring, Assessment, Auditing, Encryption, and Regulatory Compliance.

CONTINUOUS MONITORING

In 2010, the Office of Management and Budget (OMB) changed the federal cybersecurity reporting strategy, directing federal agencies to implement a program of Continuous Monitoring. Information Security Continuous Monitoring (ISCM), as NIST defines it, is maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

Any effort or process intended to support ongoing monitoring of information security across an organization begins with leadership defining a comprehensive ISCM strategy encompassing technology, processes, procedures, operating environments, and people. This strategy:

  • Is grounded in a clear understanding of organizational risk tolerance and helps officials set priorities and manage risk consistently throughout the organization.
  • Includes metrics that provide meaningful indications of security status at all organizational tiers.
  • Ensures continued effectiveness of all security controls.
  • Verifies compliance with information security requirements derived from organizational missions/business functions, federal legislation, directives, regulations, policies, and standards/guidelines.
  • Is informed by all organizational IT assets and helps to maintain visibility into the security of the assets.
  • Ensures knowledge and control of changes to organizational systems and environments of operation.
  • Maintains awareness of threats and vulnerabilities.
Under this guidance, agencies are required to:
  • Implement tooling that supports a program of continuous monitoring.
  • Feed the resulting data into CyberScope, the federal FISMA reporting application.

Guidelines for meeting Continuous Monitoring requirements are provided in NIST SP 800-53, NIST SP 800-137, and the DISA STIGs.

Network-Centric Versus Data-Centric Approaches to Continuous Monitoring
Many agencies start with a network-centric approach that focuses on endpoints and perimeter defense. In an agency with tens of thousands of endpoints this is a massive undertaking, and on its own it does not adequately improve the agency's security risk posture. Perimeter defenses are limited in the protection they provide because:

  • SQL injection vulnerabilities in web applications are prevalent, and an exploited one gives the attacker direct access to the database over traffic the perimeter already permits.
  • Attackers increasingly succeed in loading malware onto employee workstations, which then serve as a jump-off point to the database and the sensitive data it holds.
  • Insider attacks, which originate behind the perimeter, are on the rise.
It is therefore critical that federal agencies include a data-centric approach and protect the data where it lives: in the database. Application Security's data-centric solution is Precision Database Activity Monitoring (DAM). Precision DAM enables federal agencies to meet Continuous Monitoring compliance and secure their sensitive data through an effective five-step program of database security process control.


FIVE STEPS TO COST-EFFECTIVE CONTINUOUS MONITORING COMPLIANCE - TWO MINUTE TUTORIALS


Isolate Sensitive Databases

Maintain an accurate inventory of all databases deployed across the enterprise, including which of them hold sensitive data.


Eliminate Vulnerabilities

Continuously identify and fix the vulnerabilities that expose the database.


Enforce Least Privilege

Reset user access controls and privileges to the minimum database access each user needs to do their job.


Monitor for Deviations

Implement appropriate policies and monitor for any activity that deviates from normal, authorized activity.


Respond to Suspicious Activity

Alert on and respond to unauthorized or suspicious activity in real time to minimize the risk of a successful attack.
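As an added illustration of steps three through five, the following Python script checks constructed database audit records against a least-privilege policy, flags every deviation from it, and maps each deviation to a response. It is example code written for this page, not Application Security's Precision DAM; the audit record format, the policy, the account names, the table names and the client hosts are all assumptions made for the example.

```python
"""Toy database activity monitor: check audit events against a least-privilege
policy, flag deviations, and pick a response.  Added illustration only; it is
not AppSec Inc's Precision DAM.  Log format, policy and hosts are constructed."""
import re
from dataclasses import dataclass

# Constructed least-privilege baseline (step 3): per database account, the SQL
# verbs and tables it is authorized to use and the hosts it may connect from.
POLICY = {
    "app_svc":   {"verbs": {"SELECT", "INSERT", "UPDATE"},
                  "tables": {"orders", "customers"},
                  "hosts": {"10.0.1.10", "10.0.1.11"}},
    "report_ro": {"verbs": {"SELECT"},
                  "tables": {"orders"},
                  "hosts": {"10.0.2.5"}},
    "dba":       {"verbs": {"SELECT", "INSERT", "UPDATE", "DELETE",
                            "GRANT", "REVOKE", "ALTER", "DROP", "CREATE"},
                  "tables": {"*"},          # "*" = any table
                  "hosts": {"10.0.0.2"}},
}
# Statements that change the privilege or schema baseline are always reported,
# even when the account is allowed to issue them (least privilege needs change control).
BASELINE_CHANGERS = {"GRANT", "REVOKE", "ALTER", "DROP", "CREATE"}

# Constructed audit record: "<timestamp> <db user> <client host> <statement>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<host>\S+) (?P<sql>.+)$")
VERB_RE = re.compile(r"^\s*([A-Za-z]+)")
# Heuristic table extraction; a real monitor would use a SQL parser instead.
TABLE_RE = re.compile(r"\b(?:FROM|INTO|UPDATE|TABLE)\s+([A-Za-z_][A-Za-z0-9_]*)", re.I)


@dataclass
class Alert:
    ts: str
    user: str
    reason: str
    sql: str


def parse_line(line):
    """Split one audit record into its fields, or return None if malformed."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def check_event(ev):
    """Step 4: list the ways this event deviates from POLICY (empty list = authorized)."""
    rule = POLICY.get(ev["user"])
    if rule is None:
        return ["unknown account"]
    reasons = []
    if ev["host"] not in rule["hosts"]:
        reasons.append(f"connection from unauthorized host {ev['host']}")
    vm = VERB_RE.match(ev["sql"])
    verb = vm.group(1).upper() if vm else "UNKNOWN"
    if verb not in rule["verbs"]:
        reasons.append(f"verb {verb} not granted")
    if "*" not in rule["tables"]:
        touched = {t.lower() for t in TABLE_RE.findall(ev["sql"])}
        for table in sorted(touched - rule["tables"]):
            reasons.append(f"table {table} not in allow-list")
    if verb in BASELINE_CHANGERS:
        reasons.append(f"{verb} changes the privilege/schema baseline")
    return reasons


def triage(alert):
    """Step 5: the response a monitoring policy would take for each kind of deviation."""
    if alert.reason.startswith(("unknown account", "connection from")):
        return "terminate session and page on-call"
    if alert.reason.startswith("verb"):
        return "block statement and alert"
    return "alert for review"


def monitor(lines):
    """Run every audit record through the policy and collect alerts in log order."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for reason in check_event(ev):
            alerts.append(Alert(ev["ts"], ev["user"], reason, ev["sql"]))
    return alerts


# Constructed sample audit log: three authorized events followed by five deviations.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z app_svc 10.0.1.10 SELECT id, total FROM orders WHERE id = 42
2024-03-01T09:00:07Z report_ro 10.0.2.5 SELECT count(*) FROM orders
2024-03-01T09:01:13Z app_svc 10.0.1.10 SELECT name, ssn FROM customers WHERE id = 7
2024-03-01T09:02:30Z report_ro 10.0.2.5 SELECT name, ssn FROM customers
2024-03-01T09:03:45Z app_svc 192.0.2.77 SELECT * FROM customers
2024-03-01T09:04:02Z app_svc 10.0.1.11 DELETE FROM orders WHERE 1=1
2024-03-01T09:05:00Z legacy_etl 10.0.3.9 SELECT * FROM customers
2024-03-01T09:06:00Z dba 10.0.0.2 GRANT SELECT ON customers TO report_ro
""".splitlines()

if __name__ == "__main__":
    for a in monitor(SAMPLE_LOG):
        print(f"{a.ts} {a.user:10} {a.reason:45} -> {triage(a)}  [{a.sql}]")
```

The policy here is hand-written; in practice the baseline for step 3 comes from the database's own grant tables after excess privileges have been revoked, and the table extraction would be done with a SQL parser rather than a regular expression. Note that the DBA's GRANT is still reported even though the account is allowed to issue it: a change to the privilege baseline is exactly the kind of event an ISCM program must keep visibility of.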

