Continuous Monitoring 2.0: Cloud-based Benchmarking in Industry and the Federal Government

Keren Cummins, Director, Federal Programs

nCircle Company Confidential   © 2012 nCircle. All Rights Reserved.
nCircle at a Glance
• More than 6,500 customers worldwide
• 10 consecutive years of revenue growth
• 150 employees, with significant investment in R&D and continued innovation
• Core business is vulnerability assessment (VA), configuration compliance,
  file integrity monitoring, PCI compliance, and performance management
• Ranked in Inc. 5000 six years in a row
• Ranked one of San Francisco Bay Area’s Top 100 Fastest Growing Private
  Companies

Agenda

• The evidence for benchmarking as an
  essential element of success in continuous
  monitoring
• Commercial initiative in cloud-based
  benchmarking
• Mapping this initiative into the federal space
• Your feedback!

Defining Terms

•   Continuous Monitoring - in the context of information security, is
    defined in NIST SP 800-137 as “maintaining ongoing awareness of
    information security, vulnerabilities, and threats to support
    organizational risk management decisions.”

•   Benchmarking - the process of comparing one's business processes
    and performance metrics to industry bests and/or best practices from
    other industries. Dimensions typically measured are quality, time and
    cost.

Game Changers

• State Department
  – 89% risk reduction in the first 12 months, worldwide
• USAID
  – FISMA grade raised from C- to consistent A+ for five
    years
• Centers for Medicare & Medicaid Services (CMS)
  – 80% risk reduction across 88 data centers, and as high
    as 95% at one major center

Common Elements

•   Breadth of engagement
•   Simplicity of result
•   Context
•   Short cycle time

Why hasn’t everyone done this?

• Or, why is this hard?
  – Metrics are hard
  – My organizational structure is different
  – My monitoring solution won’t do that

The Challenge for Security Performance
Management

• How can we replicate benchmarking
  success effectively?
  – With the organizations and tools that
    we already have in place?
  – For all our security programs (not just
    vulnerability management and
    configuration auditing)?

https://benchmark.ncircle.com

The CISO needs what the CFO has….
•   CISO needs a metrics language to describe a
    company’s security performance just like the
    CFO describes financial performance

•   CISOs can now field a formal security performance
    management program built on objective, fact-based
    metrics that
     – Show how the security organization is protecting the
       company
     – Benchmark performance against internal goals and
       against industry peers
     – Trend performance over time

With a Security Performance Management
    Program, CISOs can demonstrate that
•   There is a comprehensive approach to security
    that is…
     – Measured against specific goals & standards
     – In line with our risk tolerance
     – Aggregated by meaningful asset groupings
     – At least equal to or better than our
       own industry's investment & performance
     – Controls aligned with GRC objectives


•   Based on actual data on an ongoing basis
    that we can rely on to make decisions on:
     – Investment
     – Execution
     – Resource allocation

Security Metrics & Scorecards: cornerstone of an effective IT GRC assessment
• Metrics affirm the existence and effectiveness of security
  controls
• Scorecards enable and evidence management oversight;
  communicate performance and evaluate corrective actions
• Well constructed Metrics and Scorecards:
   –   Continuously monitor controls
   –   Deliver trusted, timely, and actionable decision making information
   –   Identify and communicate concentration of risks
   –   Align security initiatives with business objectives

An Effective Security Performance Management Solution

Proven Metrics and Scorecards:
•   Measure performance to goals
•   Cover the entire IT Ecosystem
•   Objective, fact-based metrics
•   Relevant & actionable
•   Benchmark with peer groups

Questions the scorecards answer:
 How secure and compliant is our enterprise?
 How do we compare to others?
 Are we investing effectively?

IT Security Ecosystem (the security domains that feed the scorecards):
•   Event Management & Incident Response
•   Network Protection
•   Endpoint Encryption
•   Antivirus & Endpoint Protection
•   Vulnerability Management
•   Configuration Auditing
•   Identity & Access Management
•   Patch Management

Valuable Peer Benchmarks

[Diagram with four labelled elements: Benchmark Performance Quadrants,
 Benchmark Performance Standard, Participant Results, Weekly Performance
 Benchmark]

Analyze performance against Benchmarks &
Identify underperforming areas

Over 1,000 companies have joined nCircle Benchmark to date

[Chart: nCircle Benchmark Accounts, growing to roughly 1,000 as of 7/20/12]

Financial Services Bellwether Metrics

Metric                               Benchmark  Benchmark  Top 25%       Second Quartile  Third Quartile  Bottom 25%
                                     Average    Median
Average CVSS host score (per host)   172        33         0 - 5         6 - 33           34 - 67         68 - 700
Average days since last scan         23         9          0 - 1         2 - 9            10 - 32         33 - 90
Virus definition age (days)          29         22         0 - 2         3 - 22           23 - 40         41 - 56
Failed logins per attempt (%)        0.05       0.04       0.00 - 0.03   0.040 - 0.049    0.05 - 0.08     0.09 - 0.11

Lower is better for every metric in the table; each quartile column gives the range of
participant values that fall into that band.

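The gap between benchmark average and median in the table (172 versus 33 for the CVSS load per host) is the signature of a right-skewed distribution: a few participants with very high values pull the mean up while the median stays put, which is why the quartile bands, not the average, are the useful peer comparison. The block below is an added example, not nCircle's code, that computes the average, median and quartile bands for one metric from a constructed set of per-participant values and places a single participant into a band, the way the slide's quartile columns do. The metric name comes from the slide; the sample values are made up to be skewed in the same way.

```python
"""Quartile benchmarking of one security metric across participants.

Added example (not nCircle code). The sample values below are constructed;
only the metric ("average CVSS host score") comes from the slide.
"""
from statistics import mean, median
from typing import Dict, List, Sequence, Tuple

# Constructed sample: one "average CVSS host score" per participating
# organization, deliberately right-skewed (a long tail of badly patched
# estates) so that the mean lands far above the median, as on the slide.
SAMPLE_CVSS_PER_HOST: List[float] = [
    2, 4, 5, 8, 12, 15, 20, 26, 30, 33, 36, 40, 45, 50, 60, 67,
    70, 75, 90, 120, 180, 250, 400, 700,
]

# Band labels in the order the slide uses. Lower is better for every metric
# on that slide (CVSS load, scan age, AV definition age, failed-login rate).
QUARTILE_LABELS = ("Top 25%", "Second Quartile", "Third Quartile", "Bottom 25%")


def percentile(sorted_values: Sequence[float], p: float) -> float:
    """Linear-interpolation percentile for p in [0, 1] over an ascending list."""
    if not sorted_values:
        raise ValueError("no values to summarise")
    k = (len(sorted_values) - 1) * p
    lo = int(k)
    hi = min(lo + 1, len(sorted_values) - 1)
    return sorted_values[lo] + (sorted_values[hi] - sorted_values[lo]) * (k - lo)


def benchmark_summary(values: Sequence[float]) -> Dict[str, float]:
    """Average, median and quartile cut points for one metric across participants."""
    s = sorted(values)
    return {
        "average": mean(s),
        "median": median(s),
        "q1": percentile(s, 0.25),
        "q2": percentile(s, 0.50),
        "q3": percentile(s, 0.75),
        "min": s[0],
        "max": s[-1],
    }


def quartile_bands(summary: Dict[str, float]) -> List[Tuple[str, float, float]]:
    """The four (label, low, high) ranges shown in the slide's quartile column."""
    return [
        (QUARTILE_LABELS[0], summary["min"], summary["q1"]),
        (QUARTILE_LABELS[1], summary["q1"], summary["q2"]),
        (QUARTILE_LABELS[2], summary["q2"], summary["q3"]),
        (QUARTILE_LABELS[3], summary["q3"], summary["max"]),
    ]


def place_participant(value: float, summary: Dict[str, float]) -> str:
    """Band for one participant's value; lower is better, so <= q1 is Top 25%."""
    if value <= summary["q1"]:
        return QUARTILE_LABELS[0]
    if value <= summary["q2"]:
        return QUARTILE_LABELS[1]
    if value <= summary["q3"]:
        return QUARTILE_LABELS[2]
    return QUARTILE_LABELS[3]


if __name__ == "__main__":
    summary = benchmark_summary(SAMPLE_CVSS_PER_HOST)
    print(f"average={summary['average']:.1f}  median={summary['median']:.1f}")
    for label, low, high in quartile_bands(summary):
        print(f"{label:16s} {low:7.2f} - {high:7.2f}")
    print("participant at 45 ->", place_participant(45, summary))
```

Two practical notes. First, the average here is more than twice the median, so a participant sitting exactly at the benchmark average would land in the bottom quartile; report the median and the bands, and treat the mean as a skew indicator only. Second, quartile cut points move every time the population changes, so a weekly benchmark should store the cut points used with each weekly placement, otherwise week-over-week movement between bands is not interpretable.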
Benchmarking in the Federal Space

• All the same security domains as commercial, plus…
• Agencies generate CyberScope continuous monitoring data,
  usually from SCAP XML files
• The files are generated by a wide and growing variety of
  SCAP-validated solutions from numerous vendors
• Files are uploaded to OMB once a month
• The files are
   –   Not very human readable
   –   Not well suited to trending
   –   Not well suited to comparative analysis
   –   Readily ingested and processed by nCircle Benchmark
       data collectors

Cyberscope: Executive Summary

Asset Classification & Departmental Benchmark

Vulnerabilities & Departmental Comparison

SCAP Output

• Continuous monitoring metrics driven directly
  from SCAP data
  – Asset-based compliance, vulnerability and
    classification scorecards
     • Asset grouping identifies areas for improvement and
       concentrations of risk, or examines specific critical
       cyber assets
  – Intra- and inter-agency (bureau/service)
    benchmark comparisons

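The two SCAP slides above make a pair of claims: the CyberScope feeds are SCAP XML that is hard to read and trend by hand, and asset grouping over those results is what exposes concentrations of risk. The block below is an added example, not nCircle's collector (whose design the deck does not describe), showing the basic step behind an asset-based compliance scorecard: parse the XCCDF 1.2 TestResult elements that SCAP-validated configuration scanners emit, tally pass/fail per host, and roll the tallies up by an assumed hostname-to-department mapping. The XML, hostnames and department names are constructed; the pass/fail tallying is a deliberately simple rule, not one of XCCDF's own scoring models.

```python
"""Asset-based compliance scorecard from XCCDF 1.2 results.

Added example (not nCircle code). The XML, hostnames and departments are
constructed; the tallying rule is a simplification, not XCCDF scoring.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict
from typing import Dict, Tuple

XCCDF_NS = {"xccdf": "http://checklists.nist.gov/xccdf/1.2"}

# Constructed sample: three TestResults (one per scanned host), each with the
# per-rule verdicts a scanner writes. Rule ids are made up.
SAMPLE_XCCDF = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_1">
  <TestResult id="xccdf_example_testresult_1">
    <target>web01.example.test</target>
    <rule-result idref="xccdf_example_rule_ssh_root_login"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_password_max_age"><result>pass</result></rule-result>
    <rule-result idref="xccdf_example_rule_audit_enabled"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_gui_banner"><result>notapplicable</result></rule-result>
  </TestResult>
  <TestResult id="xccdf_example_testresult_2">
    <target>db01.example.test</target>
    <rule-result idref="xccdf_example_rule_ssh_root_login"><result>pass</result></rule-result>
    <rule-result idref="xccdf_example_rule_password_max_age"><result>pass</result></rule-result>
    <rule-result idref="xccdf_example_rule_audit_enabled"><result>fixed</result></rule-result>
    <rule-result idref="xccdf_example_rule_gui_banner"><result>notchecked</result></rule-result>
  </TestResult>
  <TestResult id="xccdf_example_testresult_3">
    <target>hr-fs01.example.test</target>
    <rule-result idref="xccdf_example_rule_ssh_root_login"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_password_max_age"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_audit_enabled"><result>error</result></rule-result>
    <rule-result idref="xccdf_example_rule_gui_banner"><result>pass</result></rule-result>
  </TestResult>
</Benchmark>
"""

# Assumed asset grouping (hostname -> department). In practice this comes from
# the asset classification feed the deck refers to, or a CMDB.
ASSET_GROUPS = {
    "web01.example.test": "Bureau A",
    "db01.example.test": "Bureau A",
    "hr-fs01.example.test": "Bureau B",
}

# Simplified tallying: 'fixed' counts as pass, 'error'/'unknown' count as fail
# (the control is not demonstrably in place); notapplicable, notchecked,
# notselected and informational are left out of the denominator.
PASS_RESULTS = {"pass", "fixed"}
FAIL_RESULTS = {"fail", "error", "unknown"}


def score_hosts(xml_text: str) -> Dict[str, Tuple[int, int]]:
    """Return {target: (passed, failed)} for every TestResult in the document."""
    root = ET.fromstring(xml_text)
    scores: Dict[str, Tuple[int, int]] = {}
    for tr in root.findall("xccdf:TestResult", XCCDF_NS):
        target_el = tr.find("xccdf:target", XCCDF_NS)
        if target_el is None or not target_el.text:
            continue  # a result with no target cannot be tied to an asset
        passed = failed = 0
        for rr in tr.findall("xccdf:rule-result", XCCDF_NS):
            res_el = rr.find("xccdf:result", XCCDF_NS)
            value = (res_el.text or "").strip() if res_el is not None else ""
            if value in PASS_RESULTS:
                passed += 1
            elif value in FAIL_RESULTS:
                failed += 1
        scores[target_el.text.strip()] = (passed, failed)
    return scores


def compliance_pct(passed: int, failed: int) -> float:
    """Percent of scored rules that passed; 0.0 when nothing was scored."""
    total = passed + failed
    return round(100.0 * passed / total, 1) if total else 0.0


def department_scorecard(host_scores: Dict[str, Tuple[int, int]],
                         asset_groups: Dict[str, str]) -> Dict[str, Dict[str, float]]:
    """Roll per-host tallies up to departments (hosts, passed, failed, compliance_pct)."""
    agg: Dict[str, Dict[str, float]] = defaultdict(lambda: {"hosts": 0, "passed": 0, "failed": 0})
    for host, (p, f) in host_scores.items():
        dept = asset_groups.get(host, "Unassigned")  # unmapped assets stay visible
        agg[dept]["hosts"] += 1
        agg[dept]["passed"] += p
        agg[dept]["failed"] += f
    for row in agg.values():
        row["compliance_pct"] = compliance_pct(int(row["passed"]), int(row["failed"]))
    return dict(agg)


def riskiest_department(scorecard: Dict[str, Dict[str, float]]) -> str:
    """Department carrying the most failed rules: the concentration of risk."""
    return max(scorecard, key=lambda d: scorecard[d]["failed"])
```

Two caveats for anyone turning this into a scorecard. A real feed contains one TestResult per host per scan, so the per-host key needs the scan time as well, and the "trending" the slide wants is the time series of those tallies; the monthly upload cadence mentioned above puts a floor on how fine that series can be. And an asset that is in no group lands in "Unassigned" on purpose: hosts that fall out of the asset classification are exactly the ones that disappear from departmental comparisons, so keep them on the scorecard rather than dropping them.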
SCAP: Executive Summary

Asset Identification & Departmental
Comparison

Compliance & Departmental Comparison

Vulnerabilities & Benchmark Community

HQ Security Performance Comparison

Benchmark Federal Notional Diagram

[Diagram] Cyberscope reporting and benchmark comparisons:
   Cyberscope: Assets, Vulnerabilities, Configuration

[Diagram] Internal Benchmark Scorecards, by Asset Group, SCAP sources plus:
   Department: agencies, bureaus, FISMA, locations, local requirements

Questions?

• Contact information:

    Keren Cummins, Director
    Federal and MidAtlantic Programs
    (301) 379-2493
    kcummins@ncircle.com

 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
 
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowKalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 Updated
 

Continuous Monitoring 2.0

  • 1. Continuous Monitoring 2.0: Cloud-based Benchmarking in Industry and the Federal Government Keren Cummins, Director, Federal Programs nCircle Company Confidential © 2012 nCircle. All Rights Reserved.
  • 2. nCircle at a Glance
    • More than 6,500 customers worldwide
    • 10 consecutive years of revenue growth
    • 150 employees with significant investment in R&D, & continued innovation
    • Core business is VA, Configuration Compliance, File Integrity Monitoring, PCI, Performance Management
    • Ranked in Inc. 5000 six years in a row
    • Ranked one of San Francisco Bay Area’s Top 100 Fastest Growing Private Companies
  • 3. Agenda
    • The evidence for benchmarking as an essential element of success in continuous monitoring
    • Commercial initiative in cloud-based benchmarking
    • Mapping this initiative into the federal space
    • Your feedback!
  • 4. Defining Terms
    • Continuous Monitoring - in the context of information security, is defined in 800-137 as “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.”
    • Benchmarking - the process of comparing one's business processes and performance metrics to industry bests and/or best practices from other industries. Dimensions typically measured are quality, time and cost.
  • 5. Game Changers
    • State Department
      – 89% risk reduction in the first 12 months across the entire world
    • USAID
      – FISMA C- to consistent A+’s for five years
    • Center for Medicare/Medicaid Services (CMS)
      – 80% risk reduction at 88 data centers and as high as 95% at one major center
  • 6. Common Elements
    • Breadth of engagement
    • Simplicity of result
    • Context
    • Short cycle time
  • 7. Why hasn’t everyone done this?
    • Or, why is this hard?
      – Metrics are hard
      – My organizational structure is different
      – My monitoring solution won’t do that
  • 8. The Challenge for Security Performance Management
    • How can we replicate benchmarking success effectively?
      – With the organizations and tools that we already have in place?
      – For all our security programs (not just vulnerability management and configuration auditing)?
  • 9. https://benchmark.ncircle.com
  • 10. The CISO needs what the CFO has…
    • CISO needs a metrics language to describe a company’s security performance just like the CFO describes financial performance
    • CISOs can now field a formal security performance management program built on objective, fact-based metrics that
      – Shows how the security organization is protecting the company
      – Benchmarks performance vs. internal goals, and vs. industry peers
      – Trends performance over time
  • 11. With a Security Performance Management Program, CISOs can demonstrate that
    • There is a comprehensive approach to security that is…
      – Measured against specific goals & standards
      – In line with our risk tolerance
      – Aggregated by meaningful asset groupings
      – At least equal to or better than our own industry's investment & performance
      – Controls aligned with GRC objectives
    • Based on actual data on an ongoing basis that we can rely on to make decisions on:
      – Investment
      – Execution
      – Resource allocation
  • 12. Security Metrics & Scorecards: cornerstone of an effective IT GRC assessment
    • Metrics affirm the existence and effectiveness of security controls
    • Scorecards enable and evidence management oversight; communicate performance and evaluate corrective actions
    • Well constructed Metrics and Scorecards:
      – Continuously monitor controls
      – Deliver trusted, timely, and actionable decision-making information
      – Identify and communicate concentration of risks
      – Align security initiatives with business objectives
  • 13. An Effective Security Performance Management Solution
    • Proven Metrics and Scorecards
      – Measure performance to goals
      – Cover the entire IT Ecosystem
      – Objective, fact-based metrics
      – Relevant & Actionable
      – Benchmark with peer groups
    • How secure and compliant is our enterprise?
    • How do we compare to others?
    • Are we investing effectively?
    • IT Security Ecosystem (diagram): Event Management & Incident Response; Antivirus & Endpoint Protection; Network Protection; Endpoint Encryption; Vulnerability Management; Configuration Auditing; Identity & Access Management; Patch Management
  • 14. Valuable Peer Benchmarks
    [Screenshot panels: Benchmark Performance Quadrants; Benchmark Performance; Standard Participant Results; Weekly Performance Benchmark]
  • 15. Analyze performance against Benchmarks & Identify underperforming areas
  • 16. Over 1,000 companies have joined nCircle Benchmark to-date
    [Chart: nCircle Benchmark Accounts, y-axis 0 to 1000]
    Financial Services Bellwether Metrics (as of 7/20/12)
    Metric                         Benchmark Average   Benchmark Median   Quartile
    Average CVSS host score        172                 33                 Top 25%: 0 – 5; Second Quartile: 6 – 33; Third Quartile: 34 – 67; Bottom 25%: 68 – 700
    (per host)
    Average days since last scan   23                  9                  Top 25%: 0 – 1 days; Second Quartile: 2 – 9; Third Quartile: 10 – 32; Bottom 25%: 33 – 90
    Virus definition age (days)    29                  22                 Top 25%: 0 – 2 days; Second Quartile: 3 – 22; Third Quartile: 23 – 40; Bottom 25%: 41 – 56
    Failed logins per attempt      .05%                .04%               Top 25%: .00 – .03%; Second Quartile: .040 – .049%; Third Quartile: .05 – .08%; Bottom 25%: .09 – .11%
  • 17. Benchmarking in the Federal Space
    • All the same security domains as commercial, plus…
    • Agencies generate CyberScope continuous monitoring data, usually from SCAP XML files
    • Generated using a wide and growing variety of SCAP validated solutions, numerous vendors
    • Files uploaded to OMB once/month
    • Files are
      – Human readable? Not so much
      – Don’t lend themselves to trending
      – Don’t lend themselves to comparative analysis
      – Readily ingested and processed by nCircle Benchmark data collectors
  • 18. Cyberscope: Executive Summary
  • 19. Asset Classification & Departmental Benchmark
  • 20. Vulnerabilities & Departmental Comparison
  • 21. SCAP Output
    • Continuous Monitoring Metrics driven directly from SCAP data
      – Asset-based Compliance, Vulnerability and Classification Scorecards
    • Asset Grouping identifies areas of improvement and concentration of risk or examines specific critical cyber assets
      – Intra- and Inter-Agency (Bureau/Service) Benchmark Comparisons
  • 22. SCAP: Executive Summary
  • 23. Asset Identification & Departmental Comparison
  • 24. Compliance & Departmental Comparison
  • 25. Vulnerabilities & Benchmark Community
  • 26. HQ Security Performance Comparison
  • 27. Benchmark Federal Notional Diagram
    [Diagram: Cyberscope reporting and benchmark comparisons. SCAP sources (Assets, Vulnerabilities, Configuration) feed Cyberscope plus local FISMA requirements; internal benchmark scorecards by Asset Group, Department, agencies, bureaus and locations.]
  • 28. Questions?
    • Contact information: Keren Cummins, Director Federal and MidAtlantic Programs, (301) 379-2493, kcummins@ncircle.com
  • 29. nCircle Company Confidential © 2012 nCircle. All Rights Reserved.
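Slide 16 lists four bellwether metrics with quartile bands, and slide 21 describes scoring those metrics per asset group to find concentrations of risk. The following is an added example (not nCircle's code and not part of the deck) that computes the four metrics for a constructed set of scan records and places each against the quartile bands printed on slide 16. The per-host CVSS score is assumed to be the sum of the CVSS base scores of a host's open findings; the host records, the `group` field, and the function names are constructed for illustration.

```python
"""Added example: compute the slide-16 benchmark metrics for a set of hosts
and place each metric in the quartile bands printed on that slide."""
from datetime import date
from statistics import mean

# Quartile bands copied from slide 16 (Financial Services, as of 7/20/12).
# Each entry is (inclusive upper bound, band label); values above the last
# printed bound are still treated as "Bottom 25%". Failed-login bands are
# in percent of attempts.
BANDS = {
    "avg_cvss_host_score": [(5, "Top 25%"), (33, "Second Quartile"),
                            (67, "Third Quartile"), (700, "Bottom 25%")],
    "days_since_last_scan": [(1, "Top 25%"), (9, "Second Quartile"),
                             (32, "Third Quartile"), (90, "Bottom 25%")],
    "virus_definition_age_days": [(2, "Top 25%"), (22, "Second Quartile"),
                                  (40, "Third Quartile"), (56, "Bottom 25%")],
    "failed_login_pct": [(0.03, "Top 25%"), (0.049, "Second Quartile"),
                         (0.08, "Third Quartile"), (0.11, "Bottom 25%")],
}

# Constructed sample scan records (not real data). "group" is an assumed
# asset grouping such as a department or bureau; "cvss" lists the CVSS base
# scores of the open findings on that host.
AS_OF = date(2012, 7, 20)
HOSTS = [
    {"host": "web-01", "group": "HQ", "cvss": [7.5, 5.0, 9.3],
     "last_scan": date(2012, 7, 19), "av_def": date(2012, 7, 18),
     "logins": 2000, "failed": 1},
    {"host": "file-02", "group": "HQ", "cvss": [],
     "last_scan": date(2012, 7, 20), "av_def": date(2012, 7, 20),
     "logins": 1500, "failed": 1},
    {"host": "db-01", "group": "Bureau-A", "cvss": [10.0, 7.2, 6.8, 4.3],
     "last_scan": date(2012, 7, 10), "av_def": date(2012, 7, 1),
     "logins": 500, "failed": 0},
    {"host": "legacy-09", "group": "Bureau-A",
     "cvss": [9.3, 9.3, 7.5, 7.5, 5.0, 4.3],
     "last_scan": date(2012, 5, 30), "av_def": date(2012, 5, 15),
     "logins": 1000, "failed": 2},
]


def host_score(record):
    """Assumed definition of the per-host CVSS score: the sum of the CVSS
    base scores of all open findings on the host (0 for a clean host)."""
    return sum(record["cvss"])


def compute_metrics(hosts, as_of):
    """Return the four slide-16 metrics for a set of hosts."""
    return {
        "avg_cvss_host_score": mean(host_score(h) for h in hosts),
        "days_since_last_scan": mean((as_of - h["last_scan"]).days for h in hosts),
        "virus_definition_age_days": mean((as_of - h["av_def"]).days for h in hosts),
        # Pooled over all attempts, so busy hosts weigh more than idle ones.
        "failed_login_pct": sum(h["failed"] for h in hosts) * 100.0
                            / sum(h["logins"] for h in hosts),
    }


def quartile(metric, value):
    """Map a metric value onto its slide-16 band; lower is better for all four."""
    for upper, label in BANDS[metric]:
        if value <= upper:
            return label
    return BANDS[metric][-1][1]  # worse than the printed bottom-band limit


def scorecard(hosts, as_of=AS_OF):
    """Metric -> (value, band) for the hosts taken as a whole."""
    return {m: (v, quartile(m, v))
            for m, v in compute_metrics(hosts, as_of).items()}


def scorecard_by_group(hosts, as_of=AS_OF):
    """Intra-agency comparison: one scorecard per asset group (slide 21)."""
    groups = sorted({h["group"] for h in hosts})
    return {g: scorecard([h for h in hosts if h["group"] == g], as_of)
            for g in groups}


def bottom_quartile_groups(cards):
    """Groups with any metric in 'Bottom 25%': where risk is concentrated."""
    return sorted(g for g, card in cards.items()
                  if any(band == "Bottom 25%" for _, band in card.values()))


if __name__ == "__main__":
    by_group = scorecard_by_group(HOSTS)
    for group, card in by_group.items():
        print(group)
        for metric, (value, band) in card.items():
            print(f"  {metric:<28} {value:8.3f}  {band}")
    print("Bottom-quartile groups:", bottom_quartile_groups(by_group))
```

Run stand-alone it prints one scorecard per group and flags Bureau-A, whose two hosts pull its virus-definition age and failed-login rate into the bottom band even though the enterprise-wide figures sit in the second and third quartiles; that gap between the aggregate and the per-group view is the "concentration of risk" the deck says asset grouping is meant to expose.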