
ApplicationPMon


8/7/2019 ApplicationPMon

http://slidepdf.com/reader/full/applicationpmon 1/2

Traditionally, information technology (IT) security and capital planning and investment control (CPIC) processes have been performed independently by security and capital planning practitioners. However, the Federal Information Security Management Act (FISMA) of 2002 and other existing federal regulations charge agencies with integrating the two activities. In addition, with increased competition for limited federal budgets and resources, agencies must ensure that available funding is applied towards the agencies' highest-priority IT security investments.

Applying funding towards high-priority security investments supports the objective of maintaining appropriate security controls, both at the enterprise-wide and system level, commensurate with levels of risk and data sensitivity. This special publication (SP) introduces common criteria against which agencies can prioritize security activities to ensure that corrective actions identified in the annual FISMA reporting process are incorporated into the capital planning process to deliver maximum security in a cost-effective manner.

The implementation of IT security and capital planning practices within the federal government is driven by a combination of legislation, rules and regulations, and agency-specific policies. FISMA requires agencies to integrate IT security into their capital planning and enterprise architecture processes, conduct annual IT security reviews of all programs and systems, and report the results of those reviews to the Office of Management and Budget (OMB). Therefore, the implementation of FISMA legislation effectively integrates IT security and capital planning because agencies must document resource and funding plans for IT security. Furthermore, implementation of FISMA legislation is intended to ensure that agency resources are protected and risk is effectively managed. It requires that agencies incorporate IT security into the life cycle of their information systems.

OMB's FISMA reporting guidance also references use of the National Institute of Standards and Technology (NIST) SP 800-26, Security Self-Assessment Guide for Information Technology Systems, to evaluate agency security programs. The results of the self-assessment should be documented in the agency's annual FISMA report and logged in the agency's plan of action and milestones (POA&M), along with POA&M inputs from other appropriate sources. The agency must then determine the costs and time frames associated with mitigating the weaknesses identified in the POA&Ms. These costs are captured in the system's or program's annual OMB Exhibit 300 and in the enterprise-wide Exhibit 53, which are the funding vehicles submitted to OMB to secure an operating budget. Figure ES-1 illustrates this process.

Introduction

Monitoring applications to detect and respond to problems, before an end user is even aware that a problem exists, is a common systems requirement, especially for revenue-generating production environments. Most administrators understand the need for application monitoring. Infrastructure teams, in fact, typically monitor the basic health of application servers by keeping an eye on CPU utilization, throughput, memory usage and the like. However, there are many parts to an application server environment, and understanding which metrics to monitor for each of these pieces differentiates those environments that can effectively anticipate production problems from those that might get overwhelmed by them.

When applied in an appropriate context, application monitoring is more than just the data that shows how an application is performing technically. Information such as page hits, frequency and related statistics, contrasted against each other, can also show which applications, or portions thereof, have consistently good (or bad) performance. Management reports generated from the collected raw data can provide insights on the volume of users that pass through the application. An online store, for example, could compare the dollar volume of a particular time segment against actual page hits to expose which pages are participating in higher or lower dollar volumes.
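The two paragraphs above describe building management reports from raw hit data and contrasting dollar volume against page hits per time segment. The following Python script is an added example, not code from the original article: it aggregates constructed access-log lines and order events into a per-segment, per-page report with hit counts, 5xx error counts, worst latency and dollars per hit, then ranks pages by revenue per hit and flags pages whose server-side error rate crosses a threshold, so a failing checkout page surfaces before users start calling. The log format, page names, 15-minute segment width and 20% error threshold are all assumptions made for illustration.

```python
"""Per-page, per-time-segment monitoring report built from raw hit and order
records. Added example, not code from the original article; the log format,
page names and sample records below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

SEGMENT_MINUTES = 15  # width of each time segment in the report (assumption)

# Constructed access-log lines: "<ISO-8601 UTC timestamp> <page> <status> <latency_ms>"
HITS = """\
2019-08-07T10:00:01Z /catalog 200 120
2019-08-07T10:00:05Z /catalog 200 135
2019-08-07T10:01:10Z /checkout 200 410
2019-08-07T10:02:30Z /checkout 500 2200
2019-08-07T10:03:00Z /catalog 200 110
2019-08-07T10:07:45Z /checkout 200 380
2019-08-07T10:15:02Z /catalog 200 125
2019-08-07T10:16:40Z /checkout 200 395
2019-08-07T10:18:12Z /help 200 90
"""

# Constructed order events: "<ISO-8601 UTC timestamp> <page that completed the sale> <dollars>"
ORDERS = """\
2019-08-07T10:01:11Z /checkout 49.99
2019-08-07T10:07:46Z /checkout 120.00
2019-08-07T10:16:41Z /checkout 15.50
"""


def segment_of(ts: str) -> str:
    """Label the fixed-width time segment (HH:MM of its start) that contains ts."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    start = (t.minute // SEGMENT_MINUTES) * SEGMENT_MINUTES
    return t.replace(minute=start, second=0).strftime("%H:%M")


def build_report(hits_text: str = HITS, orders_text: str = ORDERS) -> dict:
    """Return {segment: {page: {hits, errors, max_latency_ms, dollars, dollars_per_hit}}}.

    Errors are HTTP 5xx responses, the server-side failures an operator wants
    to see before users report them. Dollars per hit contrasts the two raw
    streams so pages with many hits but little revenue stand out.
    """
    def new_row():
        return {"hits": 0, "errors": 0, "max_latency_ms": 0,
                "dollars": 0.0, "dollars_per_hit": 0.0}

    report = defaultdict(lambda: defaultdict(new_row))

    for line in hits_text.splitlines():
        if not line.strip():
            continue
        ts, page, status, latency = line.split()
        row = report[segment_of(ts)][page]
        row["hits"] += 1
        if int(status) >= 500:
            row["errors"] += 1
        row["max_latency_ms"] = max(row["max_latency_ms"], int(latency))

    for line in orders_text.splitlines():
        if not line.strip():
            continue
        ts, page, dollars = line.split()
        report[segment_of(ts)][page]["dollars"] += float(dollars)

    for pages in report.values():
        for row in pages.values():
            if row["hits"]:
                row["dollars_per_hit"] = round(row["dollars"] / row["hits"], 2)
            row["dollars"] = round(row["dollars"], 2)

    # Plain dicts so the result serializes and compares cleanly.
    return {seg: dict(pages) for seg, pages in report.items()}


def rank_pages(report: dict, segment: str) -> list:
    """Pages in one segment, highest dollar volume per hit first."""
    pages = report.get(segment, {})
    return sorted(pages, reverse=True,
                  key=lambda p: (pages[p]["dollars_per_hit"], pages[p]["dollars"]))


def failing_pages(report: dict, max_error_rate: float = 0.2) -> list:
    """(segment, page) pairs whose 5xx rate exceeds max_error_rate in that segment."""
    out = []
    for seg in sorted(report):
        for page, row in sorted(report[seg].items()):
            if row["hits"] and row["errors"] / row["hits"] > max_error_rate:
                out.append((seg, page))
    return out


if __name__ == "__main__":
    rep = build_report()
    for seg in sorted(rep):
        print(seg)
        for page in rank_pages(rep, seg):
            print("  ", page, rep[seg][page])
    print("failing:", failing_pages(rep))
```

Joining the two streams on segment and page is what makes the report useful: in the constructed data the checkout page carries all the revenue in the 10:00 segment and also the only 5xx response, so it tops the revenue ranking and the failure list at once, which is the page an operator would look at first. A real deployment would read the same fields from the web server's access log and the order system's event feed instead of the embedded strings.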
