What is continuous controls monitoring (CCM)?
Continuous controls monitoring (CCM) is a set of technologies that reduces business losses through continuous monitoring of the controls in financial and other transactional applications, and reduces the cost of audits through continuous auditing of those same controls.
Continuous controls monitoring (CCM) is a technology-based solution that continuously monitors processes and helps customers transition from traditional, sample-based testing to economical monitoring of full populations. It allows clients to redeploy resources from rote testing to value-based investigations. Delivered as a platform offered as a managed service, CCM enables the first line to own and operate its operational processes while retaining transparency and an audit trail. That trail, in turn, allows the second and third lines of defense to monitor first-line activities, eliminating redundant testing and its associated costs.
What are the benefits of continuous controls monitoring (CCM)?
Security teams implementing a CCM approach realize the following tangible benefits:
- Enhanced accuracy – "Right the first time" measures the proportion of transactions that adhered to the expected process and tolerances, so you can focus on understanding and reducing anomalies.
- Collaboration – Centralized dashboards and extractable insight content increase trust and transparency across the lines of defense.
- Integration – CCM helps your organization connect and synthesize risk and control data from multiple platforms across the enterprise.
- Reduced costs – CCM reduces human effort spent on low-value testing, transfers risk resolution to first-line management, and highlights process deviations for investigation.
What are the stages of a continuous controls monitoring (CCM) initiative?
The stages of a continuous controls monitoring initiative are:
- Identify potential processes or controls according to industry frameworks such as COSO, COBIT 5 and ITIL; define the scope of control assurance based on business and IT risk assessments; and establish priority controls for continuous monitoring.
- Identify the control objectives (or goals) and key assurance assertions for each control objective. (Guidelines for the formalisation of assertions may need to be developed as the concept of formal assertions is not well developed within IT risk).
- Define a series of automated tests (or metrics) that will highlight (or suggest) success or failure of each assertion using a “reasonable person holistic review.”
- Determine the process frequencies in order to conduct the tests at a point in time close to when the transactions or processes occur.
- Create processes for managing the generated alarms, including communicating and investigating any failed assertions and ultimately correcting the control weakness.
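The stages above, reduced to a small worked example (added here; not code from the original page or from any CCM product): each control objective gets formal assertions, every assertion is tested against the full population rather than a sample, the "right the first time" rate is computed, and each failed assertion becomes an alarm record for investigation. The transaction fields, the 5000 approval threshold and the control names are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample population of purchase transactions (not real data).
TRANSACTIONS = [
    {"id": "T1", "amount": 900.0,   "approved_by": "mgr1", "requester": "u1", "vendor_active": True},
    {"id": "T2", "amount": 12000.0, "approved_by": None,   "requester": "u2", "vendor_active": True},
    {"id": "T3", "amount": 4500.0,  "approved_by": "u3",   "requester": "u3", "vendor_active": True},
    {"id": "T4", "amount": 250.0,   "approved_by": "mgr2", "requester": "u4", "vendor_active": False},
]

@dataclass
class Assertion:
    control: str                   # control objective the assertion supports
    name: str                      # the key assurance assertion, stated formally
    test: Callable[[dict], bool]   # automated test: True when the transaction adheres

# Stage 2/3: formal assertions per control objective, each with an automated test.
ASSERTIONS = [
    Assertion("Purchase approval", "amounts over 5000 carry an approval",
              lambda t: t["amount"] <= 5000 or t["approved_by"] is not None),
    Assertion("Segregation of duties", "requester never approves own transaction",
              lambda t: t["approved_by"] != t["requester"]),
    Assertion("Vendor master", "payments go only to active vendors",
              lambda t: t["vendor_active"]),
]

def run_ccm(transactions, assertions):
    """Test the full population (not a sample) against every assertion.

    Returns per-assertion adherence rates and the alarms to investigate (stage 5).
    Stage 4 (frequency) is modelled by passing only the current window's population.
    """
    rates, alarms = {}, []
    for a in assertions:
        failed = [t["id"] for t in transactions if not a.test(t)]
        rates[a.name] = 1 - len(failed) / len(transactions)
        for tid in failed:
            alarms.append({"transaction": tid, "control": a.control,
                           "assertion": a.name, "status": "open"})
    return rates, alarms

def right_first_time(transactions, assertions):
    """'Right the first time': share of transactions that satisfy every assertion."""
    clean = [t for t in transactions if all(a.test(t) for a in assertions)]
    return len(clean) / len(transactions)

if __name__ == "__main__":
    rates, alarms = run_ccm(TRANSACTIONS, ASSERTIONS)
    print(rates, right_first_time(TRANSACTIONS, ASSERTIONS), alarms)
```

Each alarm carries the control and assertion that failed, which is what the investigation and correction step in the last stage works from.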
What are the challenges in building a continuous controls monitoring program?
Continuous monitoring of cybersecurity poses some challenges, such as managing the volume and complexity of data generated from various sources, integrating and correlating the data from different tools and platforms, ensuring the accuracy and reliability of the data, and balancing the trade-offs between security and performance. This includes eliminating false positives and negatives, validating the sources and methods of data collection and analysis, optimizing the frequency and scope of data collection and analysis, and minimizing the impact on network and system resources.
How can Nagomi help teams with continuous threat exposure management?
Nagomi’s continuous defense assessment and threat mapping to MITRE offer organizations a means to consistently understand and compare the status of their program not only against their most pertinent threats but also against industry best practices and frameworks.
By mapping to NIST CSF, CIS 18, and other frameworks relevant to an organization, in addition to MITRE, Nagomi can generate in-depth reports that not only highlight gaps in coverage but also benchmark the organization's security posture against industry standards. This gives customers the support and guidance needed for audits and required external assessments. Nagomi can generate relevant reports for internal and external sharing, eliminating hours of resource-intensive, laborious work. These reports provide not only scores indicating how your organization compares to industry frameworks but also granular details down to the asset level, prioritizing remediations to drive compliance improvement.
In addition to specific reports on frameworks, in all defense and threat protection assessments, customers gain visibility into how specific attacker techniques and security control capabilities map to frameworks, controls, and safeguards.
Nagomi helps cybersecurity teams make their security tools more effective against real-world threats. By connecting to the tools that customers already have, the Nagomi Proactive Defense Platform maps threats like ransomware, phishing, and insider threat to specific campaigns, then analyzes defenses to provide prescriptive, evidence-based remediation plans to reduce risk and maximize ROI.