Resources

attcking-the-center-for-internet-security
Blog

ATT&CKing the Center for Internet Security

By Tyler Reguly on Tue, 07/25/2023
I recently spoke at a Fortra Webinar about CIS and MITRE. More specifically, I discussed the intersection between the CIS Critical Security Controls, CIS Benchmarks, and MITRE ATT&CK. In this post, I won't go into deep details about the core background, but there are plenty of excellent references available online, including our breakdown of the...
Cybersecurity
Compliance
Incident Detection & Investigation
what-is-swift-eight-things-you-need-to-know.
Blog

What is SWIFT? 8 Things You Need to Know

By Tripwire Guest Authors on Mon, 07/24/2023
In our increasingly digital world, global communications and financial interactions are nigh inescapable for anyone in any industry or walk of life. The infrastructure in place for international transactions is complex and layered, containing moving parts that work in tandem to make things like transferring money nearly seamless. Many of those...
Cybersecurity
Compliance
how-the-nis2-directive-will-impact-you
Blog

How the NIS2 Directive Will Impact You

By Gary Hibberd on Tue, 07/11/2023
Have you heard of the NIS Directive? The full name is quite a mouthful, "DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union". The informal name has been shortened to the Network and Information Security (NIS) Directive. The aim of the...
Cybersecurity
Compliance
Guide

How Managed Services Can Help With Cybersecurity Compliance

Organizations are often overburdened with managing complex tools to handle their most important compliance responsibilities, and in many cases lack the internal headcount to manage those tools with highly-trained expertise. Managed services can solve your security staffing and resource challenges by arming your team with security expertise to maintain optimal compliance. Managed service providers...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NERC CIP
NIST
PCI DSS
SOX
PCI DSS 4.0 Requirements 11 and 12
Blog

PCI DSS 4.0 Requirements –Test Security Regularly and Support Information Security with Organizational Policies and Programs

By Editorial Staff on Wed, 07/05/2023
The Payment Card Industry Data Security Standard (PCI DSS) has always been a massive security undertaking for any organization that has worked to fully implement its recommendations. One interesting aspect that seems to be overlooked is the focus on the Requirements, and while minimizing the testing necessities. Not only is testing part of the full...
Compliance
5-things-everyone-needs-to-know-about-grc
Blog

5 Things Everyone Needs to Know About GRC

By Anastasios Arampatzis on Tue, 07/04/2023
Over the following years, the costs associated with cybercrime, projected at $10.5 trillion annually by 2025, will exceed the estimated worldwide cybersecurity spending—$267.3 billion annually by 2026. Leadership needs to change its perspective on managing cyber risks instead of just spending more money to match the losses incurred. Cyber risk...
Cybersecurity
Compliance
Is CMMC 2.0 Rollout on the Horizon?
Blog

Is the CMMC 2.0 Rollout on the Horizon?

By Tripwire Guest Authors on Wed, 06/28/2023
The Department of Defense (DoD) introduced the Cybersecurity Maturity Model Certification (CMMC) in 2019. This framework outlined a series of security standards contractors must meet to win DoD contracts, so it’s a big concern for many companies. However, four years later, the Cybersecurity Maturity Model Certification rollout has yet to take effect...
Compliance
What is the Gramm-Leach-Bliley Act (GLBA)?
Blog

What is the Gramm-Leach-Bliley Act (GLBA)?

By Josh Breaker-Rolfe on Tue, 06/27/2023
The Gramm-Leach Bliley Act (GLBA or GLB Act), or financial modernization act, is a bi-partisan federal regulation passed in 1999 to modernize the financial industry. It repealed vast swathes of the Glass-Steagall Act of 1933 and the Bank Holding Act of 1956, allowing commercial banks to offer financial services such as investments or insurance. It...
Cybersecurity
Compliance
A Sarbanes-Oxley Act (SOX) IT Compliance Primer
Blog

A Sarbanes-Oxley Act (SOX) IT Compliance Primer

By Anthony Israel-Davis on Mon, 06/26/2023
At the turn of the most recent century, the financial world was in a moment of unregulated growth, which lead to some serious corporate misdeeds in the United States. This presented the opportunity for two senators to enact a new law to ensure accurate and reliable financial reporting for public companies in the US. The result was the Sarbanes-Oxley...
Compliance
Security Configuration Management
Insider-Risk-Hits-Closer-to-Home
Blog

Insider Risk Hits Closer to Home

By Stefanie Shank on Wed, 06/21/2023
If you’re busy securing the perimeter, mandating strong authentication practices, and restricting software downloads, you may be missing the mark. (Just to be clear: if you are doing those things, keep it up. You’re off to a good start, and none of what follows here replaces classic and vital cybersecurity measures.) Protecting your organization...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
PCI DSS 4.0 Requirements 5 and 6
Blog

PCI DSS 4.0 Requirements – Protect from Malicious Software and Maintain Secure Systems and Software

By Editorial Staff on Wed, 06/14/2023
We often hear how a company was compromised by a sophisticated attack. This characterization contains all the romantic thrill of a spy movie, but it is usually not how most companies are victimized. Most breaches usually happen as a result of malware entering the environment. The need to protect against malware is addressed in progressive degrees in...
Compliance
ChatGPT and Data Privacy
Blog

ChatGPT and Data Privacy

By Tripwire Guest Authors on Tue, 06/13/2023
In April 2023, German artist Boris Eldagsen won the open creative award for his photographic entry entitled, Pseudomnesia: The Electrician. But, the confusing part of the event for the judges and the audience was that he refused to receive the award. The reason was that the photograph was generated by an Artificial Intelligence (AI) tool. It was...
Compliance
The Role of the SEC in Enforcing InfoSec Legislation
Blog

The Role of the SEC in Enforcing InfoSec Legislation

By Tripwire Guest Authors on Mon, 06/12/2023
What is the SEC? Founded 85 years ago at the height of the Great Depression, the Securities and Exchange Commission (SEC) has a clear mission: to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. Put simply, the SEC aims to protect US investors by maintaining a fair market. The SEC doesn’t work...
Cybersecurity
Compliance
PCI DSS 4.0 Requirements 3 and 4
Blog

PCI DSS 4.0 Requirements – Protect Stored Account Data and Protect Cardholder Data During Transmission

By Editorial Staff on Wed, 06/07/2023
If someone asked you “are you protecting your data,” your initial response would probably be to clarify what they are referring to specifically, since the question is so broadly stated. You could just reply with a terse “Yes,” but that is as open-ended and nebulous as the question. The general idea of data protection encompasses so many areas, from...
Compliance
On-Demand Webinar

ATT&CKing the Center for Internet Security

Thu, 06/01/2023
From the Critical Security Controls to the Community Defense Model, CIS has provided plenty of mappings that show how knowledge from MITRE ATT&CK can be integrated with their offerings. Last year, CIS went a step further, integrating mappings from MITRE ATT&CK into their Benchmarks. This provides a wealth of information to defenders, but too much information can sometimes lead to information...
Compliance
CIS Controls
Cybersecurity-Standards-in-the-Banking-Industry
Blog

Cybersecurity Standards in the Banking Industry

By David Bruce on Wed, 05/31/2023
Cybersecurity has risen to become a major concern for nearly every industry. With the constant stream of news about the escalating numbers of breaches, it is understandable that governments have taken a more active role by passing cybersecurity and privacy legislation. Some of the industries are not top of mind to many people. For example, few...
Cybersecurity
Compliance
Guide

PCI DSS Resource Toolkit

PCI DSS Resources for Seamless Compliance The Payment Card Industry Data Security Standard (PCI DSS) is one of the most widely applied regulatory compliance standards, meaning thousands of organizations can benefit from streamlining their compliance programs to avoid audit fines and protect cardholder data. Fortra’s Tripwire is an authority on how to achieve continuous, automated compliance and...
Compliance
PCI DSS
PCI DSS 4.0: How to Delight the Auditors
Blog

PCI DSS 4.0: How to Delight the Auditors

By Katrina Thompson on Tue, 05/30/2023
While we all know the actual point of PCI is vastly more far-reaching, we can’t deny that the juggernaut of PCI DSS 4.0 compliance is getting past the auditors. However, there is a right way to do it that doesn’t just check the box – it creates the underlying business operations that enable you to pass an audit any day, at any time, with just the...
Compliance