Continuous Monitoring for Industry

The Financial Executives Research Foundation (FERF) has released a report, Benefits of Continuous Monitoring (attached below), which seeks to “better understand how companies have implemented Continuous Monitoring” based on the experiences of 11 private sector organizations.

It should be noted that the concept of continuous monitoring in the study is broader than the FISMA model and goes beyond monitoring of internal security controls to examine issues related to monitoring of external transactions to help improve management efficiency.  Thus, caution should be exercised in interpreting the study from a cybersecurity perspective. 


SANS Announces the Release of a Major Update to the 20 Critical Controls

Editor’s Note:  Attached below is the SANS Institute’s “Twenty Critical Security Controls for Effective CyberDefense: Consensus Audit Guidelines (CAG)” which discusses the 20 Critical Controls in detail.

From: SANS Institute

The SANS Institute announced today the release of a major update to the 20 Critical Controls, a prioritized baseline of information security measures designed to provide continuous monitoring to better protect government and commercial computers and networks from cyber attacks.


New DDoS defence technology launched


Simwood has launched a defence technology that it claims can be used to defend against distributed denial of service (DDoS) attacks.

Simwood says that its offering, integrated as a hardware-based system with a server-side service running on its own servers, is modular and gives users a layered approach to DDoS defences.

The offering, says the firm, is hardware-based, always-on and blocks traffic from questionable sources, as well as providing rapid and continuous monitoring for anomalies, and actively blocking intrusions.


Continuous Monitoring Technical Reference Model Conference Calls

From: NIST

SCAP community,

On March 21 NIST hosted a 400 person Continuous Monitoring (CM) workshop to discuss the government vision for creating a CM technical reference model. The workshop was focused on the CM model overview described in draft NIST IR 7756 (


Cybersecurity: Defense Department

From: Government Executive

By Aliya Sternstein

The U.S. military’s computer systems are probed by outsiders millions of times a day, while insiders, like a soldier who allegedly extracted heaps of classified files for public consumption on the WikiLeaks website, also pose threats.

In mid-July, the Pentagon released an unprecedented cybersecurity strategy that formally branded cyberspace as a domain of warfare, akin to land, sea, air and space. But, instead of outlining offensive measures, the framework focuses on how to deter the enemy from ever attempting an attack.