There’s nothing new about the idea of continuous monitoring in information technology systems. But the ever-growing and changing cyber threat landscape explains the new mandates making it an integral part of all new federal IT systems, according to Lance Dubsky, chief information security officer with the National Geospatial-Intelligence Agency (NGA).
“As the Intelligence Community has begun implementing ICD-503, and the NIST Risk Management Framework, every new system will have a continuous monitoring strategy,” he says during the latest edition of the new radio program AFCEA Answers.
He goes on to say that the big challenge is to also continually review security controls tied to the strategy, to make sure those controls always match the changing security risk.
Al Kinney, director of cybersecurity capabilities with Hewlett-Packard, feels that the tools are available now to readily integrate continuous monitoring into most federal systems.
“You’ll have a solid system based on a standardized process and a standardized kit of tools, so that you have the opportunity to understand fully what’s happening on your networks,” he says.
Is continuous monitoring a key plank of cybersecurity strategy in your federal agency or company? And is it making a difference?
Got a question? Got an answer? AFCEA Answers wants to hear from you – join in the conversation!