Continuous monitoring has captured followers in state and local government. Here are some statistics surrounding implementation and perspectives from those who practice it.
"We use continuous monitoring, reporting and alerting for our critical applications at various layers, from presentation to database, as well as for disk memory and CPU utilization. By also incorporating user monitoring, performance anomalies can be detected and resolved prior to customer impact."
— Dan Lohrmann, Chief Security Officer, Michigan
"It used to be acceptable to do security scans two or three times a year, but with advanced persistent threats and recent vulnerabilities, continuous monitoring is crucial. Security is no longer about what you know — it’s about what you don’t know."
— Kurt Plowman, Chief Technology Officer, Staunton, Va.
"Building an effective continuous monitoring strategy involves more than implementing tools that run 24x7 across our environment; it involves a deep understanding of risk, compliance drivers, situational awareness and having the right analytics in place to make the best decisions possible."
— John Matelski, CIO, Gwinnett County, Ga.
By the Numbers
Percentage of organizations that are continuously monitoring systems
SOURCE: “The State of Risk-Based Security Management: United States” (Ponemon Institute, 2012)
Age of the Federal Information Security Management Act (FISMA) that spawned the practice of continuous monitoring
SOURCE: The E-Government Act of 2002
Percentage of state and local government officials who have adopted cybersecurity control frameworks or methodologies
SOURCE: “The National Preparedness Report” (Federal Emergency Management Agency, 2012)
Estimated number of victims whose health and personal data were hacked from a Utah state website
SOURCE: “Data Breach Expands to Include More Victims” (Utah Department of Health, April 9, 2012)
36 to 72 hours
The frequency at which all PC and server configurations are checked at the U.S. State Department, a leader in continuous monitoring
SOURCE: “FISMA 2.0: Continuous Monitoring” — Case Study Update (State Department, Feb. 14, 2011)
Want to learn more about continuous monitoring? Look up our white paper at statetechmag.com/CMWP.