The Federal Desktop Core Configuration (FDCC) standard is designed to protect and harden Windows desktop systems against hundreds of security vulnerabilities. Compliance from federal agencies is compulsory, and is part of the federal scorecard. The detailed complexities of FDCC compliance can be overwhelming, and it can be difficult to know where to start.

Join Sean Sherman, Compliance Program Manager at Tripwire, and Studio T host Mark Blevis for this informative podcast on what FDCC is and what your agency can do to become compliant with the guidelines.

The ISO27001 standard is an international hallmark of IT security practices and governance, establishing best practices guidelines for use the world over. While it offers broader compliance and protocols than specific regulations such as SOX or PCI, are there compelling reasons that make it worthwhile to embark on its long process of compliance?

Join Sean Sherman, Compliance Program Manager at Tripwire, and Studio T host Mark Blevis for this informative podcast on why it makes good business sense to become compliant to this international standard, and how you can automate the process

To keep up with their expanding computing needs, more and more companies are turning to virtualization. But as they do, they find very real security concerns. So does virtualization put us more at risk to security threats? What do you need to do to ensure both your physical and virtualized environments are safe?

In this podcast Neil MacDonald, a leading expert on Security & Virtualization issues, explores the key issues driving security for virtualization and what you need to consider to find the right solution for your needs.

To keep up with their expanding computing needs, more and more companies are turning to virtualization. But as they do, they find very real security concerns. So does virtualization put us more at risk to security threats? What do you need to do to ensure both your physical and virtualized environments are safe?

In this podcast, Gartner analyst Neil MacDonald looks at best practices that will ensure you get the best results from your chosen solution.

The most common cause of system downtime and compliance and security problems is unplanned change. It can undermine file integrity, the ability to quickly recover from outages, reduce organizational performance, and cause systems to drift from a known state. This jeopardizes the ability to pass audits and increases security risks.

Tripwire Enterprise configuration assessment capabilities automatically measure configurations against standard security policies, blocking 95% of known vulnerabilities. Configuration assessment can also reduce the time and effort it takes to prepare for and pass an audit by 50% by helping IT organizations achieve and maintain a known, trusted and compliant state.

Join Mark Petrie, Senior Product Manager for Tripwire, and Studio T host Mark Blevis, as they discuss the many benefits of automated configuration assessment.

IT organizations rely on process controls to manage physical environments, yet when virtual machines are deployed and accessed, those controls disappear, including security controls. However, security is the one control that must remain constant across all IT environments, otherwise all infrastructure is vulnerable.

In this podcast, Gene Kim, CTO and founder of Tripwire, discusses the issues involved in managing virtual environments. He introduces listeners to the steps that can be taken to reduce risks and augment process controls across all systems.

While physical IT environments rely on visible controls, such as cabling, servers, etc., virtual environments must rely on invisible, automated controls. But how do you know if those processes are really working to control configuration settings and security? Having a central point of control helps companies manage risks and ensure maximum benefit of the virtual world.

In this podcast, Gene Kim, CTO and founder of Tripwire, explains the need for security and control in virtualized environments, and how Tripwire's new ConfigCheck solutions can help organizations achieve and maintain known and trusted states across all environments.

Security has often been misunderstood by other departments in the IT organization, being thought of more as a bottleneck than a collaborator. But the growing complexity and vulnerability of systems, and the need for meeting regulatory compliance, requires that security be integrated throughout daily operations, product development, and release management in order to achieve and maintain a trusted state. This idea is at the core of the new book Visible Ops(tm) Security Handbook, co-authored by Gene Kim.

Join Tripwire founder and CIO Gene Kim as he and Studio T host Mark Blevis discuss the Visible Ops Security Handbook, how security can integrate with daily operations, and why this guide is needed now.

Virtualization is the future of IT data centers, providing many operational advantages, such as the agility to provide service on demand, reduced hardware costs, and more "mileage" from existing servers. But there are challenges, too. Without visibility to all changes, it can be difficult to know if configuration standards are being met on a virtual machine that exists one day and not the next. Change auditing is required in order to achieve and maintain operational, security and regulatory compliance in this dynamic environment.

Join Tripwire Senior Product Manager Ted Gary as he and Studio T host Mark Blevis discuss the virtualization revolution in IT and how Tripwire customers can easily transition their physical environment controls to the virtual environment.

The annual RSA Conference is a showplace for the who's who of security solutions vendors. The event showroom is lined with scores of the industry's leading vendors - no one individual could hope to see them all.

So, the Information Security Media Group team did the job for you, visiting with more than 60 vendors of particular interest to banking and security leaders.

Tripwire has long been known for its robust change auditing technology. Now, with the release of Tripwire Enterprise 7.1, change auditing data is used to trigger configuration assessment tests that evaluate change as within policy and compliant, either with external regulations or internal policies. This breakthrough opens the door for a whole toolbox of workflow improvements for managing change across the data center.

Join Robert DiFalco, CTO of Products for Tripwire, and Studio T host Mark Blevis, as they discuss the exciting new features and benefits of Tripwire Enterprise 7.1.

Tripwire's hallmark technology is change auditing. Now with the release of Tripwire Enterprise 7.1, IT organizations can match those changes to configuration policies to determine if changes are good or bad for the system. In this podcast you will learn how Tripwire's enhanced configuration assessment capabilities and on-demand reporting can help your company automate security, operational and regulatory compliance with little or no manual intervention.

Join Robert DiFalco, CTO of Products for Tripwire, and Studio T host Mark Blevis, as they discuss the exciting new features and benefits of Tripwire Enterprise 7.1.

One of the most daunting tasks facing federal agencies is proving systems and data are secure enough to earn an "authorization to operate." Being compliant with FISMA requires that all agencies, and the companies that conduct business with them, must develop, document, and implement specific security frameworks to protect sensitive information. However, this process has resulted in an overwhelming number of manual methods that may or may not meet FISMA standards. That’s why agencies and companies are seeking ways to automate and standardize the compliance and oversight process.

Configuration assessment is more than a method for ensuring that configurations have been made according to plan. It is a proven collection of rules, tests, benchmarks and policies that check every change made in any IT sector or to any device to make sure your systems remain in continuous compliance. But this process needn't be a difficult one; in fact, new tools that combine change auditing and configuration assessment automate the entire process.

Join Ananda Arasu, Tripwire product manager, and Studio T host Mark Blevis to learn how configuration assessment works and how it helps you achieve and maintain a known and trusted state in your IT data center.

IT operations and infrastructures are subjected to constant change, such as new systems, applications and regulations. Configuration management is emerging as a key component to managing that change and running our IT operations - and our businesses - more efficiently. In fact, leading analyst firm Gartner expects Configuration Audit solutions to be a mainstream offering within the next two years.

Join Gartner Research Vice President Ronni Colville, a leading expert on configuration issues, as she examines what Configuration Audit solutions are, why they are gaining so much momentum, and how you can determine the right solution - and provider - for your needs.

Compliance to the Payment Card Industry Data Security Standard (PCI DSS) is no longer voluntary, it is now mandatory, with threat of sanctions and monetary fines for non-compliance. While most retailers grudgingly push themselves into compliance, others are seeing PCI as a competitive advantage. Their view is that capital investment in compliance is an opportunity to improve security and process control. This helps prevent the intrusions that can result in the loss of customer credit card data while building trust with the customer.

Join Studio T host Mark Blevis and Rob Garf, retail analyst with AMR Research, as they discuss the challenges and benefits of becoming PCI compliant in the retail sector.

Tripwire Enterprise 7 is a whole new ball game in configuration and control management. More than detecting and analyzing change, it assesses all configuration settings across the datacenter and determines the degree of risk for security and compliance vulnerabilities. It also assesses, authorizes and validates any and all changes to core infrastructure, helping your organization achieve and maintain continuous operational, security and regulatory compliance, which are essential to reducing costs and improving efficiency.

Tripwire has long been known for its change auditing capabilities, but with the release of Tripwire Enterprise 7, IT organizations have a whole new lens with which to view change and configuration management. That’s because Tripwire Enterprise 7 combines change auditing with configuration assessment, providing a single source for determining not only if a change is authorized, but also if it’s within policy and within compliance. This enables organizations to achieve and maintain a known, trusted and compliant state across the datacenter.

There are some IT organizations that have it all: best in class rates of system availability, mean time to repair, change success and more. But they didn't get that way by accident. High performers have locked down a method that helps them achieve this success.

In this podcast from Studio T, host Mark Blevis and Gene Kim, Tripwire's co-founder and chief technology officer, reveal the two controls behind the success of high performing IT organizations and the metrics your company can use to improve performance.

Tripwire Enterprise 7 changes the game in how IT organizations manage, validate, control and enforce change across the datacenter. It gives IT organizations the ability to look at change through a new lens of policy conformance, both user-defined and industry benchmarks. Out-of-the-box templates help you determine how compliant systems are, and enabling you to take action on exceptions, in order to achieve and maintain a known, trusted and compliant state.

In this podcast from Studio T, host Mark Blevis and Steve Hall, Tripwire’s product marketing manager, reveal the features and benefits of Tripwire Enterprise 7 configuration audit and control solution, and give you 7 reasons to upgrade today.

While many companies that conduct credit card transactions keep their back-end transaction systems protected from breaches and within compliance, the card reader (point of sale-POS) environment is an often overlooked area of PCI control. Unfortunately, it is within the POS that many hackers find their biggest successes. To keep your company from becoming a big bad headline, it is important to review how you handle, store and transfer data and where the risk to security really falls.

In this podcast from Studio T, host Mark Blevis and security consultant Barak Engel discuss what how to review your company's POS risk level to prevent security and data breaches, and stay PCI compliant.

Understanding the legal issues surrounding the PCI Data Standard is a challenge in itself. Beyond that, there are a multitude of practical and operational issues that IT organizations have to address to ensure compliance. Where does the IT organization begin to develop the processes that will allow a company to comply with PCI requirements?

In this podcast from Studio T, host Mark Blevis and security consultant Barak Engel examine what the PCI standard means on a practical level for the IT organization.

PCI is a practical form of best practices that serves to protect sensitive customer data. However, it also serves as a great starting point for incorporating effective security throughout the system and becoming compliant with other regulations. By using a phased-in approach, companies can use PCI to build a strong security framework.

In this podcast from Studio T, host Mark Blevis and security consultant Barak Engel discuss what companies can do to leverage PCI and stay ahead of security threats.

The PCI Data Standard is a credit card industry standard, not a government regulation. However, companies that don’t comply with the standard face high fines, sanctions, and more. How does a merchant or member bank avoid such penalties and maintain a high compliance posture?

In this podcast from Studio T, host Mark Blevis and Dan Langin, Attorney at Law, discuss what the PCI standard means for merchants, banks, and other companies that handle credit card information

Organizations are beginning to implement a configuration management data base (CMDB) as a way to more efficiently and automatically discover configuration change and manage assets within the IT infrastructure. Unfortunately, many implementations, and results, can be chaotic. Without knowing what has changed, if the change has been approved, and if an audit trail has been created, the CMDB can be populated with inaccurate data.

In this podcast, you will hear how practicing an holistic approach to change management-control change, approve change, and creating an audit trail-instead of viewing change as a series of isolated events, is not only key to ensuring the accuracy and success of CMDB but also to improve performance, service, compliance and availability.

This podcast discusses:

• The definition of a CMDB is and what it can do for an IT organization and business as a whole
• The importance of change and configuration management processes to a CMDB
• How a CMDB can improve compliance, availability and security

Stephen Elliot is a research manager with IDC, Inc., specializing in analysis of enterprise markets and the impact on IT organizations.

Join Studio T host Mark Blevis in welcoming Stephen Elliot of IDC, Inc. as they discuss the importance of change control and change management to the successful implementation of a CMDB.

Many organizations struggle with sustaining regulatory compliance and reporting, managing configuration change across the infrastructure, and ensuring that systems are consistently available across the enterprise. With a successfully implemented CMDB, which includes change management processes, IT organizations can become more efficient and effective in areas that impact business objectives.

In this podcast, you will hear how a CMDB can change an organization’s perspective about IT management, from one that focuses on components to one that focuses on service, thereby improving efficiency, compliance, performance and availability.

This podcast discusses:

• The benefits of managing configuration and change across an entire enterprise
• The importance of executive buy-in to change management and CMDB implementation
• How CMBD can improve business services and applications and meet strategic goals
• How to evaluate the ROI of a CMDB

Stephen Elliot is a research manager with IDC, Inc., specializing in analysis of enterprise markets and the impact on IT organizations.

Join Studio T host Mark Blevis in welcoming Stephen Elliot of IDC, Inc. as they discuss the benefits and return on investment of a CMDB to both IT organizations and to business overall.

Discover how change control and ’knowing what changed’ can provide IT organizations a radically improved method for restoring systems and shortening outages.

Unauthorized change, even a change made in the heat of battle during an outage, can complicate and lengthen system outages. Changes that are unauthorized, undocumented and untested directly affect service availability and reduce the ability of an IT organization to quickly restore systems.

In this podcast, you will hear how making all change visible, authorized, documented and tested is the best way to not only reduce the frequency of outages, but to also shorten the duration of outages when they do occur and restore services faster.

This podcast unveils:

• How unauthorized change can severely hamper an organization’s ability to keep systems up and running
• How change control helps take the guesswork out of restoring systems

Join Studio T host Mark Blevis and Tripwire’s CTO Gene Kim as they discuss how organizations can use change control to greatly improve system availability and mean time to repair.

Adopting best practices can be overwhelming, especially if you are trying to wade through the extensive volumes of ITIL framework. However, as IP Services discovered, by applying 20% of best practices–specifically change management–you can reap 80% of the benefits, which includes drastic reduction of unplanned work for your organization and increased availability of services for customers.

Join Studio T host Mark Blevis and Scott Alldridge, president and CEO of IP Services Inc., as they discuss a practical approach to improvement, why change management is at the core of best practices, and the many benefits that can be channeled into a value proposition for your customers.

The Sarbanes-Oxley Act is a law focused on ensuring that publicly traded companies in the US comply with certain accounting practices. The act has caused much confusion in IT organizations since its inception, causing IT executives to wonder exactly what their requirements are in the quest to comply with SOX. What are IT’s responsibilities where SOX compliance is concerned?

In this podcast from Studio T, host Mark Blevis and attorney Dan Langin talk about how SOX requirements relate to the IT organization and help sort out the requirements of IT for SOX compliance.

Canada Bill 198 is similar to the U.S. Sarbanes-Oxley (SOX) act, designed to prevent publicly traded companies from manipulating the accounting process in order to give the appearance of better or improved financial results. Like SOX, it is based on three requirements: internal controls, evaluation and disclosure. Discover how change management enables compliance in each of the three areas by ensuring change is authorized and auditable, and unauthorized change is investigated.

Join Studio T host Mark Blevis and Attorney and technology specialist Dan Langin as they discuss the intent of strong policies to protect internal controls, and how change management can help companies meet the requirements of Bill 198.