Guide
PCI DSS and the CIS Controls
Benchmarks, Standards, Frameworks and Regulations: What’s the Difference?
The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice based on experience, collaborated information, authorities and activities (best practices) which have...
Guide
Mind the Cybersecurity Gap: Why Compliance Isn't Enough
Every organization wants to be secure in the long term, but compliance might order them to focus on implementing certain safeguards within a short period. Given this situation, some organizations might elect to focus on compliance now and look at security later. This might involve designating budget for compliance before allocating additional funds for security at some point in...
Guide
Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls
The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s...
Guide
5 Critical Steps: Complete Security Risk and Compliance Lifecycle for Government
Maintaining security and compliance in today’s ever-changing environment is a never-ending task. To manage that task, the most successful government organizations adopt a systematic approach that promotes continuous improvement.
Tripwire is a leading provider of enterprise-class foundational controls for federal security, compliance, and IT operations. We listened to our...
Guide
Foundational Controls Buyer's Guide
As your organization grows, your technology landscape becomes increasingly more sophisticated and complex. You need foundational controls to keep your organization secure, compliant and available. Foundational controls have proven to deliver a highly effective and efficient level of defense against the majority of real world attacks and provide the necessary foundation for...
Guide
Getting Up to Speed on GDPR
Search online for the phrase “data is the new oil” and you’ll see it’s used by (and attributed to) many people. Data is a precious and highly valuable commodity. Data is the fuel pumping through today’s digital business, powering communications and commerce. Organizations the world over are mining data to turn raw information into real insight—to drive sales and grow their...
Guide
Governance, Risk, and Compliance
Governance, Risk & Compliance, or Generating Real Capability! How do we use GRC as a business enabler, and focus on the benefits it brings?
Guide
FISMA SI-7 Buyer's Guide
The FISMA SI-7 Buyer’s Guide focuses on one of the most difficult security controls agencies must adhere to: NIST 800-53 SI-7. Learn what solutions to look for.
Guide
The Executive's Guide to the CIS Controls
See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber attack vectors.
This publication was designed to assist executives by providing guidance for implementing broad baseline technical controls that are required to ensure a robust network security posture. In this guide, we will cover a wide...
Guide
Essential PCI DSS v4.0 Transition Checklist
The proliferation of online transactions isn’t the only reason the PCI Council created the new 4.0 standard. Recent years have also seen increasingly sophisticated methods among cybercriminals, a surge in cloud use, and the rise of contactless payments. This spurred the need for an updated set of PCI DSS requirements, which were released in March 2022 and will become mandatory...
Guide
Closing the Integrity Gap with NIST's Cybersecurity Framework
When the National Institute of Standards and Technology (NIST) announced that it had released its new Cybersecurity Framework in 2014, it appeared on the surface to be just one more option for organizations looking to develop a cohesive and effective cyber risk management strategy. Indeed, there are dozens of choices available and organizations have been all over the map when...
Guide
How to Achieve Compliance with the NIS Directive
Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to protect human lives. For example,...
Guide
Adjusting to the Reality of Risk Management Framework
The Risk Management Framework (RMF) is an approach to systems security management that adjusts security controls based on risk factors. The practice involves a continuous cycle of identifying new threats, choosing effective controls, measuring their effectiveness and improving system security.
Image
Federal entities need to...
Guide
Building a Mature Vulnerability Management Program
A successful vulnerability management program requires more than the right technology. It requires dedicated people and mature processes. When done properly, the result can be a continuously improving risk management system for your organization.
This white paper was written by CISSP-certified Tripwire system engineers with extensive experience in implementation of...
Datasheet
Tripwire Vulnerability Risk Metrics
A vulnerability management program should provide a series of metrics that outline the vulnerability risk to the organization and how the risk posture is trending. In addition to this, reports should be provided which show system owners which vulnerabilities pose the greatest risk to the organization and how to remediate them. This report outlines recommendations for...
Datasheet
Calculating the ROI of a Vulnerability Management Program
Return on investment on IT security infrastructure purchases (solutions and products) has traditionally been hard to quantify. However, there are some compelling aspects of securing an organization’s infrastructure that can be identified and quantified. This discipline will continue to evolve as organizations focus on managing and balancing their security expenses and strive to...
Guide
The Five Stages of Vulnerability Management Maturity
One key element of an effective information security program within your organization is having a good vulnerability management (VM) program, as it can identify critical risks. Most, if not all, regulatory policies require a VM program, and information security frameworks advise implementing VM as one of first things an organization should do when building their information...