New Requirements for Security Monitoring

From: Network World

by Jon Oltsik

Pressing need for integration, intelligence, automation, and big data capabilities

Today’s security threats are difficult to defend against.  On the one hand, the volume of malware variants has gone through the roof over the past few years.  On the other, targeted attacks have become more stealthy and damaging.

How can CISOs possibly combat this cybersecurity double-edged sword?  With continuous monitoring of everything — IT assets, configurations, network traffic, application behavior, user activity, etc.


What Continuous Monitoring Really Means

From: FedTech

Monitoring is an essential part of cybersecurity, but agencies must establish an effective security infrastructure first.

Dr. Ron Ross

Continuous monitoring is an important part of an agency’s cybersecurity efforts. But without establishing an effective security framework first, those efforts may be misspent.

The National Institute of Standards and Technology recently completed a fundamental transformation of the certification and accreditation process into a comprehensive, near real-time security lifecycle process as part of a Risk Management Framework (RMF).


New Report Shows Dramatic Increase in Uptake of Continuous Monitoring

Security Leaders Increasing Frequency of Proactive Assessment to Determine Strengths and Allocate Resources Effectively

SANTA CLARA, CA – (Marketwire – Jul 30, 2012) – RedSeal Networks, the world’s leading proactive enterprise security management provider, today highlighted results of the recent ESG Research Report, “Security Management and Operations,” which found that a growing number of organizations are adopting continuous monitoring to improve protection of their electronic assets and validate compliance with required security policies.


Training: FISMA Continuous Monitoring: Build Your Information Security Continuous Monitoring (ISCM) Program

From: Digital Government Institute

August 28 – August 29, 2012

Office of Management and Budget (OMB), Department of Homeland Security (DHS) and National Institute of Standards and Technology (NIST) are placing increased emphasis on implementing an effective “information security continuous monitoring (ISCM) program” for all government and contractor run IT systems. This will be accomplished by DHS and OMB increasing the annual FISMA reporting requirements and NIST issuing NIST Special Publications (SP):

  • Information Security Continuous Monitoring Guideline (SP 800-137) – Final
  • Security-Focused Configuration Management Guideline (SP 800-128) – Final
  • Update Risk Assessment Guideline (SP 800-30 Rev 1)


VA, GSA each pushes major IT acquisitions to next steps

From: FederalNewsRadio.com 1500AM

By Jason Miller

Two major technology contracts are ready to enter their next steps in the acquisition process.

The Veterans Affairs Department is evaluating bids for its $5 billion commodity IT hardware contract and expects to make awards by Sept. 30.

The General Services Administration any day now will release a request for information for a blanket purchase agreement on how best to offer continuous monitoring tools to other agencies.

Both of these significant contracts, coupled with what some in industry are calling the busiest fourth quarter buying season in recent memory, are showing that despite budget pressures and the potential for sequestration cuts, agency spending is healthy and active.


FAA: Continuous Monitoring Job Opening (Salary Range: $109,189.00 to $169,188.00 / Per Year)

From: USAJobs.gov

Job Title: Computer Specialist

Department: Department Of Transportation

Agency: Federal Aviation Administration

Job Announcement Number: AWA-AIS-12-MR47065-27086


$109,189.00 to $169,188.00 / Per Year


Tuesday, July 24, 2012 to Tuesday, August 07, 2012




Full Time – Permanent


1 vacancy in the following location: Washington DC, DC


Current or Former Federal Employees & EVHO


5 Tips to Improve Intrusion Detection

Editor’s Note:  More information on SP 800-93, Rev. 1, including the draft document, may be found here.

From: GovInfoSecurity

By Information Security Media Group

Intrusion detection and prevention software has become a necessary addition to the information security infrastructure of many organizations, so the National Institute of Standards and Technology is updating its guidance to help organizations to employ the appropriate programs.

NIST is seeking comments from stakeholders on the guidance, Special Publication 800-93, Revision 1 (Draft): Guide to Intrusion Detection and Prevention Systems, before publishing a final version.


Continuous Monitoring & Risk Scoring (CMRS) Defense Connect Online (DCO) Training Session Materials Available (for authorized users)

From: DISA

On July 19, DISA PEO-MA successfully held a Continuous Monitoring & Risk Scoring (CMRS) DCO session with over 400 participants attending. The video recording, presentation slides, and user guide are available to view and download at *** east.esps.disa.mil/DISA/ORG/MA5/scm/cmrs/SitePages/Training.aspx (add https:// in front of URL).


Beyond the Hype of the Cybersecurity Act

From: GovInfoSecurity.com

What the Senate Bill Means for Those Charged with Securing IT

By Eric Chabrow

U.S. government federal agencies would be required to continuously monitor and conduct penetration tests of their IT systems under the latest version of the Cybersecurity Act of 2012.

When sponsors reintroduced the Senate bill last week, the debate mostly focused on the stripping of provisions from the earlier version that would have granted the government authority to regulate the mostly privately-owned national critical IT infrastructure. But the revised legislation also would make significant changes on how the federal government governs IT security.


Tips & Tricks: Here I’m testing a simple Max/MSP patch using the [udpsend] object to Splunk listening on localhost:8002.

From: Splunk>Blogs

Using Splunk to check consistency of a sin function based log generator written in Max.

The Max patch to the right is generating a log entry many times a second, the exact amount being modulated by a [sin] object.  Since the sin wave is pretty easy to detect discrepancies in, I can just eyeball for dropped packets or latency.  With this information, and an eye on my system load using some code stolen from our Unix App, I can safely proceed knowing what load I can push my system to during demos running both Splunk and Max before I see problems using this setup.
