At the direction of OMB and NIST, security and IT pros in federal government must develop plans to implement "continuous monitoring," the practice of using IT security controls to constantly monitor and manage the security status of their information systems and networks. The transition from static security to continuous monitoring requires a new approach to IT security, and IT teams must devise a strategy and roadmap to be successful.
In this editorial Webcast, cybersecurity experts discuss the tools and processes involved in moving from a traditional security environment to one designed around continuous monitoring. This Webcast will help government IT pros:
Understand the objectives of continuous monitoring, such as reduced threat exposure through real-time risk assessment and response.
Identify the steps involved, including determining the security impact of changes to IT systems and producing assessment reports.
Assess system requirements in areas such as malware detection and event and incident management.
Determine the need for upgrades and investment in new technologies.
4. Today's Presenters
John Streufert, Deputy Chief Information Officer, Information Assurance, United States Department of State
Steve Johnston, CISSP, ITIL, Lead Federal Systems Engineer, Tripwire, Inc.
5. What Is Continuous Monitoring? “Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.” >>NIST SP 800-137
6. Building It Into The IT Budget “What makes us more secure is real-time security monitoring--continuous monitoring--and acting on data. That's why agencies are directed as part of the FY 2012 budgeting process to make sure that their budget reflects presidential priority in terms of investing in tools, not in paperwork reports.” >>Federal CIO Vivek Kundra, June 2010
8. CIA Invests In RedSeal Systems "Continuous monitoring technologies will enable the U.S. intelligence community to effectively operate the complex, dynamic network defenses that protect critical information and systems.” >>William Strecker, CTO, In-Q-Tel
9. FISMA 2.0: A Continuous Monitoring Case Study
John Streufert ( DOSCISO@state.gov ), Deputy Chief Information Officer for Information Security, US Department of State, February 14, 2011
10. Nature of Attacks
80% of attacks leverage known vulnerabilities and configuration management setting weaknesses
12. Case Study:
Scan every 36-72 hours
Find & fix top issues daily
Personal results graded
Hold managers responsible
13. How: 1. Narrow Aim [11 months before Feb 09]
14. 2. Bad Things by Numbers: Chemical Dumping vs. Littering
L.A. hotel pays a $200,000 fine because an employee dumps pool chemicals into a drain; fumes fill a subway station and several people become ill (March 23, 2010)
26. Lessons Learned
When continuous monitoring augments snapshots required by FISMA:
Mobilizing to lower risk is feasible & fast (11 mo)
Changes in 24 time zones with no direct contact
Cost: 15 FTE above technical management base
This approach leverages the wider workforce
Security culture gains are grounded in fairness, commitment and personal accountability for improvement
28. 20-year-old commercial said "The quality goes in, before the name goes on"
29. Should we position our best solutions before or after accidents?
Cofferdam unit departing Wild West in Port Fourchon on the Chouest 280 workship named Joe Griffin, 05 May 2010 -- Photo from BP.com
33. Conclusions
Risk scoring and continuous monitoring is scalable to large complex public and private sector organizations
Higher ROI for continuous monitoring of technical controls as a substitute for paper reports
Summarized risk estimates could be fed to enterprise-level reporting
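The case study slides describe the mechanics of risk scoring without giving the arithmetic: scan every 36-72 hours, weight findings by how bad they are (slide 14's "bad things by numbers"), fix the top issues daily, grade each manager's results, and roll the totals up for enterprise-level reporting. The following is an added example, not code from the State Department's program or from this deck; the severity weights, fix windows, overdue penalty, grading bands and the sample findings are all constructed assumptions chosen to make the mechanics visible.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed severity weights (assumption; the deck gives no numbers).
SEVERITY_WEIGHT = {"critical": 10.0, "high": 6.0, "moderate": 3.0, "low": 1.0}
# Constructed fix windows in days: a finding older than its window earns a daily penalty,
# so an unfixed "littering" item eventually outweighs a freshly found "chemical dump".
FIX_WINDOW_DAYS = {"critical": 3, "high": 7, "moderate": 30, "low": 90}
OVERDUE_PENALTY_PER_DAY = 0.5


@dataclass(frozen=True)
class Finding:
    host: str
    owner: str      # manager or site held responsible for the host
    severity: str   # one of SEVERITY_WEIGHT's keys
    age_days: int   # days since the scanner first reported it


def score_finding(f: Finding) -> float:
    """Risk points for one finding: base weight plus a penalty for every overdue day."""
    overdue_days = max(0, f.age_days - FIX_WINDOW_DAYS[f.severity])
    return SEVERITY_WEIGHT[f.severity] + overdue_days * OVERDUE_PENALTY_PER_DAY


def score_by_owner(findings, hosts_per_owner):
    """Risk points per host for each owner, so a large site is not penalized for its size."""
    totals = defaultdict(float)
    for f in findings:
        totals[f.owner] += score_finding(f)
    return {owner: round(totals[owner] / hosts, 2) for owner, hosts in hosts_per_owner.items()}


def letter_grade(points_per_host: float) -> str:
    """Constructed grading bands (assumption) that turn a score into the grade a manager sees."""
    for limit, grade in ((5, "A"), (10, "B"), (20, "C"), (40, "D")):
        if points_per_host < limit:
            return grade
    return "F"


def top_issues(findings, n=3):
    """'Find & fix top issues daily': the n highest-scoring findings are worked first."""
    return sorted(findings, key=score_finding, reverse=True)[:n]


def enterprise_summary(findings, hosts_per_owner):
    """Summarized risk estimate suitable for feeding enterprise-level reporting."""
    per_owner = score_by_owner(findings, hosts_per_owner)
    return {
        "owners": {o: {"points_per_host": p, "grade": letter_grade(p)} for o, p in per_owner.items()},
        "total_points": round(sum(score_finding(f) for f in findings), 2),
        "open_findings": len(findings),
    }


# Constructed sample scan output (not real data): two sites with different host counts.
HOSTS_PER_OWNER = {"site-a": 4, "site-b": 2}
SAMPLE_FINDINGS = [
    Finding("web01", "site-a", "critical", 5),    # 10 + 2 overdue days * 0.5 = 11.0
    Finding("web02", "site-a", "moderate", 10),   # 3.0, inside its window
    Finding("db01", "site-a", "low", 100),        # 1 + 10 overdue days * 0.5 = 6.0
    Finding("ws07", "site-b", "high", 14),        # 6 + 7 * 0.5 = 9.5
    Finding("ws07", "site-b", "high", 2),         # 6.0
    Finding("ws09", "site-b", "critical", 20),    # 10 + 17 * 0.5 = 18.5
]

if __name__ == "__main__":
    for f in top_issues(SAMPLE_FINDINGS):
        print(f"{score_finding(f):5.1f}  {f.owner}/{f.host}  {f.severity} ({f.age_days}d)")
    print(enterprise_summary(SAMPLE_FINDINGS, HOSTS_PER_OWNER))
```

Normalizing per host is what makes the grades comparable across sites of different sizes, and the overdue penalty is what keeps a manager from ignoring low-severity items indefinitely; both choices are assumptions here, but the deck's emphasis on fairness and personal accountability depends on the scoring having properties like these.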
34. Continuous Monitoring: Best Practices
Steve Johnston, CISSP, ITIL, Lead Federal Systems Engineer, Tripwire, Inc.
36. Spirit of Continuous Monitoring
Take control and remain in control of your infrastructure
37. 1 Categorize Assets
2 Determine Risk Threshold
3 Establish Monitoring Frequency
4 Provide Detailed Reporting
38. Categorize Assets
Categorize logically and by criticality:
Is it a critical asset?
Is it a medical system?
High, moderate or low severity?
What kind of missions and programs do they support?
Benefits to categorization:
Easier to make risk-based decisions
Homepage and reporting views
Risks are easier to determine knowing the mission the asset supports
47. Determine Risk Threshold
LOW – Users are part of a remote desktop group
48. Determine Monitoring Frequency
Determine frequency by function and risk associated with each system and security control:
System-level frequency
Security-control-level frequency
Application-level frequency
66. Example Feedback to the Authorizing Official
Respond on critical control and change information
67. Example Feedback to the Authorizing Official
Provide actionable data: what and where
Respond to critical events
68. 1 Categorize Assets
2 Determine Risk Threshold
3 Establish Monitoring Frequency
4 Provide Feedback to Authorizing Official
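The four steps on slides 37 through 68 are one procedure, so here they are carried through end to end as an added example. This is not Tripwire's code and does not use any Tripwire product API; the criticality tiers, the response thresholds per tier, the system-level and control-level intervals, and the sample inventory, check times and change events are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Step 1: categorize assets logically (by mission) and by criticality (high/moderate/low).
@dataclass(frozen=True)
class Asset:
    name: str
    criticality: str           # "high", "moderate" or "low"
    missions: tuple[str, ...]  # programs the asset supports


def categorize(assets):
    """Group asset names by criticality so reporting views and risk decisions work per tier."""
    tiers = {"high": [], "moderate": [], "low": []}
    for a in assets:
        tiers[a.criticality].append(a.name)
    return tiers


# Step 2: risk threshold. Constructed rule (assumption): the more critical the asset,
# the lower the event severity that still demands a response.
SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3}
RESPONSE_THRESHOLD = {"high": "low", "moderate": "moderate", "low": "high"}


def requires_response(asset: Asset, event_severity: str) -> bool:
    return SEVERITY_RANK[event_severity] >= SEVERITY_RANK[RESPONSE_THRESHOLD[asset.criticality]]


# Step 3: monitoring frequency at system level and at security-control level (constructed values).
SYSTEM_INTERVAL = {"high": timedelta(hours=24), "moderate": timedelta(days=7), "low": timedelta(days=30)}
CONTROL_INTERVAL = {
    "file_integrity": timedelta(hours=1),
    "config_baseline": timedelta(days=1),
    "patch_level": timedelta(days=7),
}


def monitoring_interval(asset: Asset, control: str) -> timedelta:
    """The effective interval is the tighter of the system-level and control-level requirements."""
    return min(SYSTEM_INTERVAL[asset.criticality], CONTROL_INTERVAL[control])


def overdue_checks(assets, last_checked, now):
    """(asset, control) pairs never checked or checked longer ago than their interval allows."""
    overdue = []
    for a in assets:
        for control in CONTROL_INTERVAL:
            when = last_checked.get((a.name, control))
            if when is None or now - when > monitoring_interval(a, control):
                overdue.append((a.name, control))
    return overdue


# Step 4: feedback to the authorizing official: actionable "what and where" on critical events.
@dataclass(frozen=True)
class ChangeEvent:
    asset: str
    control: str
    severity: str
    detail: str


def feedback_report(assets, events, last_checked, now):
    by_name = {a.name: a for a in assets}
    actionable = [
        {"where": e.asset, "control": e.control, "severity": e.severity, "what": e.detail}
        for e in events
        if requires_response(by_name[e.asset], e.severity)
    ]
    return {
        "tiers": categorize(assets),
        "actionable_events": actionable,
        "overdue_checks": overdue_checks(assets, last_checked, now),
    }


# Constructed sample inventory, check history and events (not from the deck).
NOW = datetime(2011, 2, 14, 9, 0)
ASSETS = [
    Asset("ehr-db01", "high", ("patient-records",)),
    Asset("intranet-web", "moderate", ("internal-comms",)),
    Asset("kiosk-03", "low", ("lobby-display",)),
]
LAST_CHECKED = {
    ("ehr-db01", "file_integrity"): NOW - timedelta(minutes=30),
    ("ehr-db01", "config_baseline"): NOW - timedelta(hours=30),  # overdue: daily control interval
    ("ehr-db01", "patch_level"): NOW - timedelta(days=2),        # overdue: 24h system interval wins
    ("intranet-web", "file_integrity"): NOW - timedelta(minutes=10),
    ("intranet-web", "config_baseline"): NOW - timedelta(hours=20),
    ("intranet-web", "patch_level"): NOW - timedelta(days=3),
    ("kiosk-03", "file_integrity"): NOW - timedelta(minutes=45),
    ("kiosk-03", "config_baseline"): NOW - timedelta(hours=5),
    # kiosk-03 patch_level has never been checked, so it is overdue.
}
EVENTS = [
    ChangeEvent("ehr-db01", "file_integrity", "low", "sshd configuration file hash changed"),
    ChangeEvent("intranet-web", "config_baseline", "low", "new local administrator account added"),
    ChangeEvent("kiosk-03", "patch_level", "high", "missing critical operating system patch"),
]

if __name__ == "__main__":
    import json
    print(json.dumps(feedback_report(ASSETS, EVENTS, LAST_CHECKED, NOW), indent=2))
```

Two things the report makes visible that the slides only state: the same low-severity change is actionable on the high-criticality database but filtered out on the moderate intranet server, and the high-criticality tier's 24-hour system interval overrides the weekly patch-level interval, which is why the database's two-day-old patch check shows as overdue.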
69. About Tripwire Tripwire is a leading global provider of IT security and compliance automation solutions that help businesses and government agencies take control of their entire IT infrastructure. Over 5,500 customers in more than 87 countries rely on Tripwire’s integrated solutions. Tripwire® VIA™, the comprehensive suite of industry-leading file integrity, policy compliance and log and event management solutions, is the way organizations proactively prove continuous compliance, mitigate risk, and achieve operational control through Visibility, Intelligence and Automation. Learn more at www.tripwire.com
71. Resources To View This or Other Events On-Demand Please Visit: http://www.netseminar.com For more information please visit: http://www.tripwire.com