nCircle Federal Outlook Blog: January 2012 Archives

Jim Acquaviva and I provided a different take on continuous monitoring in a webinar last week. While lots of agencies are doing continuous monitoring of one kind or another, the subset of those agencies that are effective in using continuous monitoring to effect dramatic risk reduction is… small at best.

This new webinar can provide insight into several successful federal implementations of continuous monitoring, detailing four key practices that are driving real organizational change. Listen in to this webinar recording to find out how these key practices can improve your security program, understand their relationship to metrics and benchmarking and how nCircle Benchmark can provide the foundation for dramatic improvements in your security posture.

A very interesting development this week for you fans of continuous monitoring: John Streufert is taking on the role of Director at the National Cybersecurity Division of DHS. This appears to be part of the administration's ongoing efforts to strengthen DHS' role in cybersecurity.

Almost everyone with an interest in continuous monitoring, security scorecards, the Consensus Audit Guidelines, or related concerns in the federal IT security space, is aware of John Streufert's seminal work as the CISO of the US Department of State. As a result of his consistent, timely, clear and actionable presentation of security risks, engaging not just IT but program and mission executives, State recorded a 90% reduction in risk across the organization in the first year, and the program has continued to evolve and improve.

Other programs based on this and similar approaches have been extremely successful in driving the changes in organizational behavior that are necessary to achieve really dramatic risk reduction. In the federal space, examples include the Centers for Medicare/Medicaid Services (CMS) and the US Agency for International Development (USAID). Commercially, services like nCircle Benchmark are premised on many of the same principles.

John's new role provides him with a broader stage, and I for one am looking forward to seeing what will be coming from NCSD - the State Department’s loss, but a gain for the rest of us.