Resources

How to comply with PCI DSS 4.0 while juggling day-to-day tasks
Blog
Blog

How to comply with PCI DSS 4.0 while juggling day-to-day tasks

By Editorial Staff on Tue, 05/16/2023
Image In our webinar, Insights for Navigating PCI DSS 4.0 Milestones, we discuss some of the challenges organizations face as they try to comprehend the new requirements of PCI DSS 4.0. One of the questions we commonly hear is, “How do we prepare for PCI 4.0 deadlines while still maintaining day-to-day operations?” The discussion...
Compliance
Explaining the PCI DSS Evolution & Transition Phase
Blog
Blog

Explaining the PCI DSS Evolution & Transition Phase

By Tripwire Guest Authors on Wed, 04/26/2023
Image The boon of online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business and payment card companies.  The increasing cases of high-profile data breaches and...
Compliance
The K-12 Report: A Cybersecurity Assessment of the 2021-2022 School Year
Blog
Blog

The K-12 Report: A Cybersecurity Assessment of the 2021-2022 School Year

By Katrina Thompson on Mon, 04/24/2023
Image The K-12 Report breaks down the cyber risks faced by public schools across the country and is sponsored by the CIS (Center for Internet Security) and the MS-ISAC (Multi-State Information Sharing & Analysis Center). Published “to prepare K-12 leaders with the information to make informed decisions around cyber risk”, the report...
Cybersecurity
Compliance
On-Demand Webinar
On-Demand Webinar

Insights for Navigating PCI-DSS 4.0 Milestones

With the PCI-DSS 4.0 implementation deadline looming just around the corner in 2024, financial companies have no time to waste when it comes to reaching key compliance milestones. Watch this on-demand webinar presented by Fortra’s Tripwire and BankInfoSecurity.com designed to help you get—and stay—on track for PCI 4.0 compliance. Hear from industry experts on preparing for PCI...
Compliance
PCI DSS
Dont-fail-an-audit-over-a-neglected-annual-policy-review
Blog
Blog

Don’t fail an audit over a neglected annual policy review

By Tripwire Guest Authors on Mon, 03/20/2023
Image When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard (PCI DSS) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve...
Compliance
ISO27001 Updates: Change is afoot
Blog
Blog

ISO27001 Updates: Change is afoot

By Tripwire Guest Authors on Mon, 03/13/2023
Image If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System,  ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards...
Compliance
The-Language-of-Cybersecurity-Frameworks-Guidance-Regulations-and-Standards
Blog
Blog

The Language of Cybersecurity Frameworks, Guidance, Regulations, and Standards

By Bob Covello on Wed, 02/15/2023
Image When it comes to acronyms, Technology and Cybersecurity often rival various branches of government.  Technology acronyms are usually somewhat bland, amounting to little more than the arcane argot of the profession, such as SOC, SIEM, and DNS.  Government, however, rarely disappoints in its inventiveness, whether it is the...
Cybersecurity
Compliance
Pylon and cables
Blog
Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

By Anastasios Arampatzis on Wed, 02/01/2023
Image The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not...
Compliance
NIST
Industrial Control Systems
Integrity Monitoring Use Cases: Compliance
Blog
Blog

Security Configuration Management Use Cases: Policy Monitoring for Security

By David Bruce on Wed, 11/23/2022
Image In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations...
Vulnerability & Risk Management
Compliance
Security Configuration Management
Integrity Monitoring Use Cases: Compliance
Blog
Blog

Integrity Monitoring Use Cases: Policy Monitoring for Compliance

By David Bruce on Fri, 11/11/2022
Image In response to increasing societal concerns about the way businesses store, process, and protect the sensitive data they collect from their customers, governments and standardization organizations have enacted a patchwork of regulations and laws. Some of these are generic regulations (CCPA, GDPR), while others are industry...
Cybersecurity
Compliance
Security Configuration Management
Getting started with Zero Trust: What you need to consider
Blog
Blog

Getting started with Zero Trust: What you need to consider

By David Bruce on Mon, 11/07/2022
Image Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by...
Cybersecurity
Compliance
NIST
Security Configuration Management
Integrity Monitoring Use Cases: Compliance
Blog
Blog

Integrity Monitoring Use Cases: Security

By David Bruce on Thu, 11/03/2022
Image   Compliance is an essential aspect of every organization, and in business terms, it entails ensuring that organizations of all sizes, and their personnel, comply with national and international regulations, such as GDPR, HIPAA, and SOX. When guaranteeing compliance, many firms frequently overlook security. Gary Hibberd...
Compliance
File Integrity & Change Monitoring
Brace yourself – ISO27001 changes are coming
Blog
Blog

Brace yourself – ISO27001 changes are coming

By Tripwire Guest Authors on Wed, 11/02/2022
Image If you’re not aware already, then be prepared for change, because a new version of ISO27001 was published in October 2022! It’s all very exciting! The last change to the standard was in 2017. The changes made back then were fundamentally cosmetic, with a few minor tweaks to wording. The changes barely caused a ripple and, even...
Cybersecurity
Compliance
What Does the Industry Want to Improve on NIST Cybersecurity Framework 2.0
Blog
Blog

What the industry wants to improve on NIST Cybersecurity Framework 2.0

By Anastasios Arampatzis on Mon, 10/24/2022
Image The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014...
Compliance
NIST
Industrial Control Systems
Top trends in Application Security in 2022
Blog
Blog

Shifting Left with SAST, DAST, and SCA: Advanced Best Practices

By Tripwire Guest Authors on Thu, 10/20/2022
Image In the past, teams incorporated security testing far after the development stage of the Software Development Lifecycle (SDLC). Security testing would influence whether the application would to proceed to production, or get passed back to the developers for remediation. This process caused delays while teams worked on...
Cybersecurity
Compliance
CIS Controls
An Introduction to the State and Local Cybersecurity Grant Program
Blog
Blog

An Introduction to the State and Local Cybersecurity Grant Program (SLCGP)

By David Henderson on Wed, 10/19/2022
Image Cybersecurity funding in corporate environments has always been a source of anxiety for those who seek to keep organizations safe. When we examine the cybersecurity readiness of many state, local, and territorial governments, this funding struggle is taken to new heights of scarcity. Fortunately, a new program has been created...
Cybersecurity
Compliance
Integrity Monitoring Use Cases: Compliance
Blog
Blog

Integrity Monitoring Use Cases: Compliance

By David Bruce on Wed, 10/19/2022
Image What is File Integrity Monitoring? The IT ecosystems of enterprises are highly dynamic. Typically, organizations react to this volatility by investing in asset discovery and Security Configuration Management (SCM). These core controls enable businesses to compile an inventory of authorized devices and monitor the configurations...
Compliance
PCI DSS
File Integrity & Change Monitoring
Defense and Development: Key points from The Complete Guide to Application Security for PCI-DSS
Blog
Blog

Defense and Development: Key points from The Complete Guide to Application Security for PCI-DSS

By Tripwire Guest Authors on Wed, 08/31/2022
Image The increasing popularity of online payment systems results from the world’s gradual transition to a cashless and contactless digital economy — an economy, projected in a recent Huawei white paper, to be worth $23 trillion by 2025. With digital commerce emerging as the largest segment in the projected $8.49 trillion global...
Compliance
PCI DSS