NIST SP 800-137

From: Network World | Opinion

By Jon Oltsik

Organizations are collecting, processing, and analyzing more and more network traffic.

In a recent ESG research report, enterprise security professionals were asked to identify the primary objectives associated with their organization’s network security strategy (note: I am an ESG employee). It turns out that 40% of organizations plan to move toward continuous monitoring of all assets on the network, while 30% plan to capture more network traffic for security analytics.

From: FCW

By Dave McClure, Thomas Romeo

At their core, virtually all government agencies are process-driven, and this is especially true in direct citizen- and business-facing agencies. Systems and software that are driven by business processes are increasingly being implemented on top of service-oriented or cloud-based infrastructures, and they are becoming intertwined with security and privacy compliance.

Too often in government, business and security risk assessments are conducted as formalities and in a rather disjointed fashion. Information security/technology teams usually do not know the business processes and therefore focus their risk assessments on specific threats and “cool” technologies streaming out of industry. Consequently, in investment review board meetings, CIOs are unable to justify the need for new security protections or products in business terms.

From: GCN

By GCN Staff

The intelligence community will host a meeting next month to brief IT firms on research into insider threat monitoring systems.

The conference, to be hosted by the Intelligence Advanced Research Projects Agency (IARPA), will provide background for an upcoming solicitation on the Scientific Advances to Continuous Insider Threat Evaluation (SCITE) program.

Read Complete Article

From: InformationWeek/DarkReading

Kelly Jackson Higgins

Chief privacy officer Jason Straight shares his insights on why organizations are struggling to stop the breach wave — and manage the aftermath.

Hackers keep on hacking, breaches keep on happening. The cycle continues, as major corporations now routinely get successfully compromised. A key element of the equation now is properly and efficiently responding to an attack as well as managing its aftermath.

***

Dark Reading: What are organizations doing wrong in how they’re focusing their energies in security?

From: ExecutiveBiz

Published by Ross Wilkers

Many enterprise organizations will shift to a posture that sees them operate under the assumption that they have already suffered a computer security breach and cloud computing will be a factor in that approach, two cybersecurity executives from Microsoft have told ExecutiveBiz.

Scott Price, general manager of the software giant’s national security group, identified that shift in assumption as a “cultural trend” in a recent conversation with ExecutiveBiz and said companies will move to a model of continuous detection and containment in order to stay ahead of potential threats.

Read Complete Article

From: Federal Times

Aaron Boyd, Senior Writer

As agencies look at migrating services to the cloud, NASA’s move to a public cloud infrastructure has become a use case for speed, cost savings and increased security.

***

Security “really has not been an issue for us other than getting past people’s own perception of how secure these infrastructures really are,” said Chet Hayes, InfoZen CTO. “In conjunction with the security Amazon provides, we actually provide continuous monitoring security-as-a-service as part of our offering for NASA.”

Read Complete Article

From: FederalNewsRadio.com | 1500AM

By Jason Miller

The Office of Personnel Management is pushing the bounds of cybersecurity. It’s moving from the idea of defense in-depth or even the popular continuous monitoring to a concept called orchestration.

Jeff Wagner, OPM’s director of IT security, said orchestration isn’t just about protecting network or systems, but understanding in real time what’s happening and who is on your IT infrastructure, and then being able to react to any potential or real problem immediately.

Read Complete Article

From: FCW

By Sean Lyngaas

The federal government has gone all in on continuous diagnostics and mitigation, a wide-ranging and ambitious program to guard agency networks against cyber threats. Run by the Department of Homeland Security, the program aims to address 15 types of continuous diagnostics and pairs a dedicated acquisition vehicle with expert guidance and even DHS dollars for agencies seeking to improve their monitoring.

The first phase, which focuses on endpoint device security, has drawn widespread agency interest, and network managers who have implemented CDM have said the system of dashboards provides a revealing view of vulnerabilities — many of which had gone unnoticed under previous monitoring regimes.

From: ComputerWeekly.com

Cliff Saran

Bill Ruh, vice-president of GE Software, believes machines are getting smarter. The company has expanded its vision of an industrial internet to an industrial cloud.

In 2013, Computer Weekly spoke to Ruh about a new software-enabled services business that the industrial giant was building.

The new business would provide predictive analytics based on continuous device monitoring on the so-called industrial internet.

Read Complete Article

From: Federal Times

Aaron Boyd, Senior Writer

Agencies and industry are seeing movement on the government’s biggest cybersecurity effort to-date with the first awards on the second task order for the Continuous Diagnostics and Mitigation (CDM) program announced and more to come this year.

The $29 million award — won by a group led by Knowledge Consulting Group — will provide the first set of technologies and services toward building a real-time view of networks managed by the Department of Homeland Security and its components.

Read Complete Article