NIST's Ron Ross will be quite busy at RSA Conference 2012, not only promoting revised guidance on security and privacy controls to be unveiled at the securing conclave, but also participating in a panel on one of his favorite topics: continuous monitoring.
People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees - and educate them, as well - to thwart a potential threat from within.
The National Institute of Standards and Technology is seeking public comment on three draft interagency reports that provide guidance on the continuous monitoring of information systems for security vulnerabilities.
New guidance from the National Institute of Standards and Technology defines an information security continuous monitoring strategy and shows how organizations can create an information security continuous monitoring program.
The shift to monthly reports of key metrics through CyberScope from annual FISMA filings allows security practitioners to make decisions using more information and more quickly than ever before, OMB Director Jacob Lew says.
The soon-to-be issued FY 2011 Chief Information Officer FISMA Reporting Metrics from the Department of Homeland Security will require agencies to report on their progress in automating the continuous measurement of the most critical security risks.