NIST SP 800-137

From: McAfee

This was started by some good conversations around how a company does all the things a SIEM does.  Thanks to those who participated.

I like to think of all the use cases that a SIEM performs as standing in four groups:

1. Log Management – get the events generated on your network flowing through SIEM and keep that pipeline operating smoothly
2. Threat and Risk Correlation – add intelligence to the event flow by attaching context or combining simple events into more complex ones
3. Incident Response – now that you know something is happening, you have to do something about it

From: Phys.org

by Dominic Ali

Passwords are the bane of 21st century life. But Bionym, a Toronto-based tech start-up, promises to change that.

Founded by recent University of Toronto graduates Foteini Agrafioti and Karl Martin, the company develops biometric software. Its latest project may change the way we secure our digital information in the near-future.

The secret is a heartbeat away. Literally.

“HeartID is currently the only commercially available biometric authentication solution that uses the cardiac signal,” says Agrafioti.

From: FederalNewsRadio.com  1500AM

By Jason Miller

The Homeland Security Department is expecting agencies to spend billions on continuous diagnostic and mitigation tools and continuous monitoring-as-a-service over the next five years.

DHS, working with the General Services Administration, issued a final request for quote for a blanket purchase agreement (BPA) for 15 tools and for 11 task areas to improve agency cybersecurity. Federal News Radio obtained a copy of the RFQ.

DHS expects the BPA to be worth $6 billion over the life of the contract, which has a one-year base and four one-year options.

From: Dark Reading

A look at what database activity monitoring can and can’t do, and some recommendations on how to implement the best system for your organization

By Adrian Lane

Database activity monitoring, a form of application monitoring, examines how applications use data and database resources to fulfill user requests. DAM captures and records database events — which, at minimum, includes all SQL activity — in real time or near real time.

DAM is focused on the database layer, which allows for a contextual understanding of transactions, or how multiple database operations constitute a specific business function.

From: AOL Government

From: NetworkWorld

ESG Research reveals best practices. Security Intelligence driving big data security analytics

Jon Oltsik

From: Government Security News

By: Sanjay Castelino

The Federal Information Security Management Act, often called FISMA, was once looked at as purely a “box checking” procedure. The infamous “report cards” were often inaccurate, and rewarded agencies that could best play the paperwork game, rather than actually implement effective security.

This is no longer the case, as FISMA now emphasizes proactivity in security, rather than simply reacting to breaches as they occur.

From: GovTech/Public CIO

By Hilton Collins

Between now and early 2013, the Department of Homeland Security is expected to release an RFP for continuous monitoring, a function for detecting network compliance and risk vulnerabilities — which means the feds are working toward a huge shift in how they secure their networks next year.

George Schu, senior vice president at Booz Allen Hamilton, which consults federal agencies on technology decisions and often is instrumental to computing decisions at America’s highest level of leadership, says the company will bid on this RFP. And ultimately, Schu said he expects the DHS and the General Services Administration to spread this monitoring process throughout D.C. next year. He told Government Technology this week that the deal, if successful, could lay the foundation for additional operational changes in federal agencies.

Editor’s Note:  The report, “Empty battlements – enemy inside the gates: Why IT managers need to make time for SIEM is attached here.

From: IT Security Pro

A study carried out by SecureData says that businesses are increasingly coming under threat of attack from both inside their organisation and outside.

The independent IT security service provider – which estimates that UK businesses alone lose £21bn a year to cybercrime – says the research sought to identify how businesses are struggling to manage their Security Information and Event Management (SIEM) systems, leaving them vulnerable to security attacks, data breaches, and compliance issues.

From: AOL Government