Le Lézard
Classified in: Science and technology
Subject: Product/Service

First Industry-Wide Continuous Monitoring Standardized Taxonomy for Cybersecurity Alerting and Reporting


The Shared Assessments Program, the member-driven leader in third party risk assurance, today announced that the organization's Continuous Monitoring Taxonomy subgroup has released "Creating a Unified Continuous Monitoring Cybersecurity Taxonomy: Gaining Ground by Saying What's What." An unprecedented community of Continuous Monitoring (CM) service providers and third party risk experts have been brought together by the Shared Assessments Program for this endeavor. It is understood to be the first such effort to establish standardized commonalities and terms to benefit the global risk management and cyber security communities.

The "Gaining Ground" briefing paper is phase one of the two-phase cooperative project led by the Shared Assessments' Continuous Monitoring working group. This group has galvanized practitioners from 57 member organizations in the Continuous Monitoring Working Group, as well as non-member CM solution providers in the Taxonomy Subgroup, to establish a common set of terms and standards for identifying, alerting and reporting potential risks. The unified taxonomy is critical for setting expectations in this field, and lays the groundwork for developing organizational risk frameworks that use continuous monitoring practices in a more flexible and effective manner.

The taxonomy categorizes the types of alert information organizations can choose for monitoring to better understand the risk factor terminology. In this way, the initiative allows CM providers to use a single set of terminology to assure that the information that's collected, gathered, analyzed and presented back to their customers is consistent and clearly and uniformly structured, which will help advance the ability of all organizations to meet due diligence and reporting requirements more effectively and efficiently.

"The challenge we face is that there are many CM firms who are using differing definitions for continuous monitoring alerts, and these alerts can also be very different in the way they are described," said Charlie Miller, Senior Advisor, Shared Assessments. "We hope to create consistency across those CM firms to use a similar taxonomy in defining the types of alerts they're monitoring for cybersecurity vulnerabilities, thereby helping users understand what they're buying and the risks that are being monitored through those services. This effort will assist customers with integrating a CM solution into their own cybersecurity infrastructure and alignment with their risk appetite framework."

"Continuous monitoring is one of the fastest growing segments of Third Party Risk Management, and a crucial element of both risk management and cybersecurity. Unfortunately, even the best practitioners have struggled against a ?tower of Babel' when attempting to ensure consistent practices, policies and reporting structures," said Bob Maley, Chief Security Officer, NormShield Cybersecurity. "Between the use of disparate terms to define a factor being monitored, and differing standards for what constitutes monitoring in many cases, the need for a clear and consistent lingua franca has been longstanding. The rapidly evolving threat environment and new regulatory scrutiny make that need newly urgent."

The unified Continuous Monitoring Taxonomy will improve the effectiveness of continuous monitoring and achieve the following results:

For a copy of "Creating a Unified Continuous Monitoring Cybersecurity Taxonomy: Gaining Ground by Saying What's What" go to http://sharedassessments.org/cm-taxonomy.

Phase two work effort for this series is currently under development by the Shared Assessments Program Continuous Monitoring Taxonomy subgroup. The group is working with virtually all of the existing continuous monitoring solution providers, as well as other outsourcers and third parties, to vet the terminology being developed.

About the Shared Assessments Program

As the only organization that has uniquely positioned and developed standardized resources to bring efficiencies to the market for more than a decade, the Shared Assessments Program has become the trusted source in third party risk assurance. Shared Assessments offers opportunities for members to address global risk management challenges through committees, awareness groups, interest groups and special projects. Join the dialog with peer companies and learn how you can optimize your compliance programs while building a better understanding of what it takes to create a more risk-sensitive environment in your organization.

For more information, go to https://sharedassessments.org/


These press releases may also interest you

at 16:05
Immunome, Inc. , a biotechnology company focused on developing first-in-class and best-in-class targeted cancer therapies, today announced financial results for the full year ended December 31, 2023, and provided an overview of recent developments....

at 16:05
Bristol Myers Squibb today announced an update following the initial analysis of results from the first of two induction studies in the Phase 3 YELLOWSTONE clinical trial program evaluating Zeposia (ozanimod) in adult patients with moderate to...

at 16:05
SOFTRAX, a leading provider of cloud-based billing and revenue management solutions, today announced that the SOFTRAX Revenue Management System was named a 2024 SIIA CODiE Award Finalist in the Best Subscription Billing Solution category. CODiE...

at 16:05
Personalis, Inc. , a leader in advanced genomics for cancer, announced today that its management team will present at the 23rd Annual Needham Virtual Healthcare Conference on Wednesday, April 10 at 1:30 p.m. Eastern Time. About Personalis, Inc....

at 16:05
Leafly Holdings, Inc. ("Leafly" or "the Company") , a leading online cannabis discovery marketplace and resource for cannabis consumers, today announced financial results for its fourth quarter and year ended December 31, 2023. "We saw continued...

at 16:05
Achieve Life Sciences, Inc. , a late-stage pharmaceutical company committed to the global development and commercialization of cytisinicline for smoking cessation and nicotine dependence, today announced fourth quarter and year-end 2023 financial...



News published on and distributed by: