SOURCE: Truestone LLC

Truestone LLC

February 17, 2011 14:38 ET

Truestone Article Shows How to Transition From Static Cyber Security Defenses per New FISMA Requirement

HERNDON, VA--(Marketwire - February 17, 2011) - Truestone, LLC, announced today that its article on the steps agencies can take to prepare and implement a near real time cyber security program is featured in the January 2011 issue of Information Week Analytics.

The article, written by John Sankovich, Truestone's VP of Federal Civilian Services, focuses on how to effectively respond to the technical and policy challenges facing agencies as they shift away from static annual security threat assessments to the use of enterprise-wide real-time tools, metrics, analysis and evaluation, referred to as "continuous monitoring" in an "evolving environment of threats and vulnerabilities." This requires a holistic view in determining how changes may affect existing security controls and the creation of requirements for modifying controls to address new threats and vulnerabilities introduced by a planned change.

The article stresses that security isn't a stand-alone function, but one that must be automated and integrated into all aspects of the information system lifecycle. Special emphasis is placed on having a business-wide visibility into the interdependencies of threats and a prioritized security plan based on business impact.

Basic continuous monitoring functions include the ability to collect and analyze configuration information, analyze rules, provide alerts, assess risks and vulnerabilities, provide reports and audits, perform scenario modeling and provide network diagrams and topologies. Technologies involved include vulnerability management, patch management, configuration management, network management, license management, information management and software assurance. The article is available at www.analytics.informationweek.com. John Sankovich can be reached at john.sankovich@truestonefed.com.

About Truestone
 
Truestone employees deliver cyber security, enterprise IT, systems integration and network engineering solutions to the federal government nationwide. Truestone is a subsidiary of Qivliq, LLC -- a NANA company. For more information, visit www.truestonefed.com.

Contact Information