Express Computer
Home  »  Artificial Intelligence AI  »  How To Improve Organization’s Security Posture with Continuous Control Monitoring?

How To Improve Organization’s Security Posture with Continuous Control Monitoring?

0 44

By Jie Zhang, VP Analyst at Gartner

The adoption of new technologies and growth of digital businesses are contributing to the expansion of threat landscape, creating a need for more controls. Increased attack surfaces due to cloud adoption and new digital business are making security assurance tasks even more arduous, error-prone and incomplete than before.
Organizations of various sizes and in different industries often face resource limitations due to their security and IT operational teams being occupied with manual testing and reporting on controls. To address this issue, leaders in security and risk management must adopt technology such as continuous control monitoring (CCM) that automates the monitoring of cybersecurity controls’ effectiveness and aids in gathering relevant information in almost real time.

How CCM Tools Benefit an Organization?
CCM tools provide SRM leaders and relevant IT operational teams with a variety of capabilities that allow for the automation of CCM, reducing the need for manual effort. These tools support activities throughout the control management life cycle, such as gathering data from various sources, testing the effectiveness of controls, reporting results, notifying stakeholders, and even initiating corrective actions in cases of ineffective controls or anomalies.

Additionally, the automation provided by these tools allows SRM leaders and IT operational teams to obtain almost real-time insights into the effectiveness of controls. This, in turn, improves situational awareness when monitoring security posture and detecting compliance gaps.

There are numerous other benefits that organizations can derive from CCM, including:

  • Streamlining control testing and reducing audit management costs. SRM leaders and IT operational teams no longer have to rush to gather evidence and evaluate controls immediately before audits when evidence of key control activities is collected automatically according to designated standards and policies.
  •  By introducing checks and balances, organizations can ensure that controls and gaps are actively managed.
  • Reduction in the cost of independent external audits by sharing evidence and avoiding the assessments typically performed by consulting firms.
  • By using preconfigured dashboards and reporting features, the human error associated with ad hoc data exports, copying and pasting, and hunting for files is reduced.
  • Reduced remediation costs, since control deficiencies are identified and fixed before they escalate.
  • A better understanding of the organization’s security and compliance posture for senior leaders.

An organization must determine its security compliance requirements, based on frameworks, regulations, and industry standards, as well as internal policies, before rolling out a CCM implementation.

As a next step, organizations should define the scope of connecting systems and applications to a CCM tool. The selected systems and applications need to be clearly documented and agreed upon. Assess the scope of the project, determine the requirements, including automation, your organization’s readiness, the user roles that could benefit from CCM capabilities, and the budget. This task involves, among other things, checking whether the IT asset tracking is consistent, inventorying and cataloguing security controls (the percentage of technical controls versus nontechnical controls) and checking the frequency of security control testing and compliance reporting. Calculating how many controls and assets the security and IT operational teams must manage and the cost of existing management capabilities is essential.

Furthermore, organizations must then evaluate CCM vendors and their tools against the requirements. Additionally, identify the data sources available in the security management portfolio and whether they can be used as sources for CCM. Data sources are crucial for successful deployment of CCM solutions.

Ultimately, companies should configure their selected CCM tool to meet the necessary requirements and utilize any gap analysis features to enhance monitoring capabilities. This includes establishing alerts and priorities, integrating them into response procedures, and ensuring recipients are informed. Testing should also be conducted to verify proper implementation. In addition, personnel training and pilot programs should be conducted in the production environment. As the final step, implementing the CCM tool should be followed by ongoing monitoring of its performance, coverage, and process integration to continually improve settings and automate compliance reporting effectively.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image