FCW : February 2015
CONTINUOUS DIAGNOSTICS & MITIGATION

information and make decisions in real time. "If you have visibility into vulnerabilities, patches and activities on the network in real time and can aggregate that information and display it in real time, you can understand the health of the enterprise from a risk management perspective," said Robert Osborn, Chief Technology Officer for Federal at ServiceNow, an enterprise IT cloud company.

Managing risk is the key to successful CDM. Being able to quickly pinpoint behavior or activity inside the network that is inconsistent with your policies, or with the normal behavior of the people and devices on your network, is more than half the battle in cybersecurity.

While CDM is just getting off the ground in many agencies, those that have implemented it have already reaped big benefits. The State Department, which led the charge several years ago with the first CDM-type program, reported reductions of up to 90 percent in security risk. A SANS Institute study published in August 2014 found that nearly half of respondents experienced better security as a result of CDM controls. CDM has also proven to improve security decision-making significantly: a recent MeriTalk study found that at least half of respondents cited improved risk assessment and acceptance, improved decision-making on when to share data with other networks, and better awareness of the consequences of the current state of security.

Making sense of it all

A successful CDM approach requires paying full attention to people, processes and technology. In the technology realm, it involves upgrading or adding to the security capabilities many agencies already have in place. Some of the most important areas are:

Automation: Automation is a critical component of CDM because some threats require a response within milliseconds, far faster than a human could respond. By automating as many of the known threats as

From Awareness to Action

CDM isn't a concept that sprouted overnight. Instead, it's the culmination of decades of progress in cybersecurity awareness. CDM promises to take cyber-protection to new heights.

2002    Federal Information Security Management Act (FISMA) is enacted
2007    Department of State initiates the Cyber Security Incident Program (CSIP)
2007    NIST begins working on SCAP (Security Content Automation Protocol)
2008    Department of State launches iPost for automated scanning and continuous monitoring; it is so successful that other agencies begin to take note
2010    OMB issues mandate on continuous monitoring
2011    NIST publishes SP 800-137: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
2012    OMB identifies continuous monitoring of federal IT networks as one of 14 Cross-Agency Priority goals
2013    OMB issues memo requiring continuous monitoring of security by the end of FY2017
2013    NIST publishes SP 800-53, Rev. 4: Security and Privacy Controls for Federal Information Systems and Organizations
FY2014  Agencies required to finalize CDM strategies

CDM: Step by Step

The Continuous Diagnostics and Mitigation program covers 15 diagnostic capabilities, which will be rolled out in three phases:

Phase 1: Endpoint integrity
• Hardware asset management
• Software asset management
• Configuration settings management
• Vulnerability management

Phase 2: Least privilege and infrastructure integrity
• Access control management (trust in people granted access)
• Security-related behavior management
• Credentials and authentication management
• Privileges
• Boundary protection (network, physical, virtual)

Phase 3: Boundary protection and event management for managing the security lifecycle
• Plan for events
• Respond to events
• Generic audit/monitoring
• Document requirements, policy, etc.
• Quality management
• Risk management

Source: Department of Homeland Security
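The Phase 1 capabilities above, and Osborn's point about aggregating vulnerability, patch and activity data into one risk view, come down to a reconciliation loop: compare what sensors observe on the network against an authoritative inventory and policy, and surface every deviation. The following Python is an added illustration of that loop and is not code from FCW, Carahsoft, DHS, ServiceNow or the State Department's iPost. The device names, software list, configuration keys, patch SLAs, weights and "VULN-000x" identifiers are all constructed for the example and are not a real schema or scoring model.

```python
"""Added example: one CDM Phase 1 diagnostic cycle over constructed sensor data.

Checks, in order: hardware asset management (unknown devices), software asset
management (unapproved packages), configuration settings management (baseline
drift, including a missing key) and vulnerability management (findings open
past their remediation SLA). Findings are then rolled up into a per-device
score so the riskiest devices sort to the top. Every constant below is an
assumption made for this illustration, not a DHS or agency baseline.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# --- Constructed policy -------------------------------------------------------
AUTHORIZED_DEVICES = {"ws-0101", "ws-0102", "srv-db-01"}
APPROVED_SOFTWARE = {"openssh", "nginx", "postgresql", "chrome"}
REQUIRED_SETTINGS = {"ssh.PasswordAuthentication": "no", "host.firewall": "enabled"}
# Maximum number of days an open finding of each severity may stay unpatched.
PATCH_SLA_DAYS = {"critical": 15, "high": 30, "medium": 90}
# Arbitrary weights used to roll findings up into a device score.
WEIGHTS = {"unauthorized_device": 50, "unapproved_software": 10,
           "setting_mismatch": 15, "patch_overdue": 25}


@dataclass
class Finding:
    device: str
    kind: str     # one of the WEIGHTS keys
    detail: str


@dataclass
class Report:
    findings: List[Finding] = field(default_factory=list)

    def score_by_device(self) -> Dict[str, int]:
        """Sum finding weights per device, highest score first (stable on ties)."""
        scores: Dict[str, int] = {}
        for f in self.findings:
            scores[f.device] = scores.get(f.device, 0) + WEIGHTS[f.kind]
        return dict(sorted(scores.items(), key=lambda kv: kv[1], reverse=True))


def diagnose(observed_devices: List[str],
             software: Dict[str, List[str]],
             settings: Dict[str, Dict[str, str]],
             vulns: List[Tuple[str, str, str, int]]) -> Report:
    """Run the four Phase 1 checks over one collection cycle."""
    report = Report()
    # 1. Hardware asset management: anything on the wire the inventory does not know.
    for dev in observed_devices:
        if dev not in AUTHORIZED_DEVICES:
            report.findings.append(Finding(dev, "unauthorized_device", "not in asset inventory"))
    # 2. Software asset management: installed packages outside the approved list.
    for dev, pkgs in software.items():
        for pkg in pkgs:
            if pkg not in APPROVED_SOFTWARE:
                report.findings.append(Finding(dev, "unapproved_software", pkg))
    # 3. Configuration settings management: every required key must match;
    #    a key the sensor did not report is treated as drift, not as compliant.
    for dev, cfg in settings.items():
        for key, want in REQUIRED_SETTINGS.items():
            got = cfg.get(key)
            if got != want:
                report.findings.append(
                    Finding(dev, "setting_mismatch", f"{key}={got!r}, expected {want!r}"))
    # 4. Vulnerability management: open findings that have exceeded their SLA.
    for dev, vuln_id, severity, age_days in vulns:
        sla = PATCH_SLA_DAYS.get(severity)
        if sla is not None and age_days > sla:
            report.findings.append(
                Finding(dev, "patch_overdue", f"{vuln_id} ({severity}) open {age_days}d, SLA {sla}d"))
    return report


# --- Constructed sensor output for one cycle ---------------------------------
OBSERVED_DEVICES = ["ws-0101", "ws-0102", "srv-db-01", "rogue-ap-7"]
SOFTWARE = {"ws-0101": ["chrome", "openssh"],
            "ws-0102": ["chrome", "torrent-client"],
            "srv-db-01": ["postgresql", "openssh"]}
SETTINGS = {"ws-0101": {"ssh.PasswordAuthentication": "no", "host.firewall": "enabled"},
            "ws-0102": {"ssh.PasswordAuthentication": "yes", "host.firewall": "enabled"},
            "srv-db-01": {"ssh.PasswordAuthentication": "no"}}   # firewall key missing
VULNS = [("ws-0102", "VULN-0001", "critical", 20),   # placeholder IDs, not real CVEs
         ("srv-db-01", "VULN-0002", "high", 10),
         ("ws-0101", "VULN-0003", "medium", 95)]


def run_example() -> Report:
    return diagnose(OBSERVED_DEVICES, SOFTWARE, SETTINGS, VULNS)


if __name__ == "__main__":
    rep = run_example()
    for f in rep.findings:
        print(f"{f.device:10} {f.kind:20} {f.detail}")
    print(rep.score_by_device())
```

Run in a loop against each fresh collection cycle, the same reconciliation produces the "real time" picture the article describes: the rogue access point and the workstation with an overdue critical patch, password SSH logins and unapproved software land at the top of the list, while the database server's high-severity finding stays quiet because it is still inside its remediation window.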
March 15, 2015