Resources

Guide

Insider Insights for the PCI DSS 4.0 Transition

Is your organization ready for the new PCI DSS 4.0 Standard? To help you make the journey easier and more straightforward, Fortra’s Tripwire gathered strategic implementation advice from top industry insiders.Get detailed guidance on overcoming the challenges posed by each of the PCI DSS 4.0 requirements. Hear from CISOs, cybersecurity analysts,...
Guide

Essential PCI DSS v4.0 Transition Checklist

The proliferation of online transactions isn’t the only reason the PCI Council created the new 4.0 standard. Recent years have also seen increasingly sophisticated methods among cybercriminals, a surge in cloud use, and the rise of contactless payments. This spurred the need for an updated set of PCI DSS requirements, which were released in March...
Guide

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.While...
Guide

PCI DSS Resource Toolkit

Use this toolkit to gain a deeper understanding of where you stand with regards to your PCI DSS compliance program and the transition to PCI DSS 4.0. Establishing PCI DSS compliance goes beyond technical tools and processes: It also requires a shift in thinking about compliance as a cybersecurity process. Lean on advice from compliance experts to help you make consistent progress toward your goals...
Guide

Getting in Control of Financial Services Cybersecurity Regulations

Organizations in the financial sector are all too aware that their industry continues to be one of the top targets for cyber criminals. Among financial services and insurance organizations, the leading cause of breaches is system intrusion. That’s why so many cybersecurity compliance regulations have sprung up to ensure systems are kept hardened against attack. This guide covers the main...
Blog

Proposed HIPAA Update Makes Yearly Pen Testing Mandatory

In January of this year, significant changes to the HIPAA Security Rule were proposed by the Office of Civil Rights for the Department of Health and Human Services (OCR).The proposed update to the HIPAA Security Rule, published on January 6, 2025, introduces a significant new requirement: all covered entities and business associates must conduct penetration testing of their electronic information...
Blog

How to Stay Compliant with the New HIPAA Security Rule Updates

The Health Insurance Portability and Accountability Act (HIPPA) was established to protect patient privacy and secure health information. While it has been around for nearly two decades, it is evolving to keep up with an increasingly digital world and in response to the skyrocketing number of cyber attacks the industry sees every year.On December 27, 2024, the Department of Health and Human...
Blog

Latest PCI DSS Standards: Use Third Parties – But at Your Own Risk

Third parties have long been the hidden heroes of the payment card industry, providing specialized, streamlined support to merchants looking to host a website or spin up an app. But that convenience is not without a cost.According to PCI DSS 4.0 compliance standards, although merchants are free to use third parties, the responsibility for any incurred security liability will be all theirs. When a...
Blog

CMS ARS: A Blueprint for US Healthcare Data Security and Compliance

Protecting sensitive patient information is more critical than ever. With technologies evolving at a breakneck pace and the number of cyber threats targeting healthcare entities in the United States skyrocketing, healthcare organizations must have robust policies and guardrails in place to ensure patients' confidential information doesn't fall into the wrong hands.One of the essential frameworks...
Blog

Have You Heard About the New PCI 4.0 Section 1.2 Spec? Tripwire Makes Compliance Easy

If you’ve been keeping up with the Payment Card Industry Data Security Standard (PCI DSS), you’ll know it has a new specification that revolves around network security controls. Let’s dig into the details.A Little Back StoryIt helps to level-set for anyone who might be coming into this from a non-technical role. We all know PCI DSS (v4.0) is the payment card industry’s compliance standard for...
Blog

Navigating PCI DSS 4.0: Your Guide to Compliance Success

The transition to PCI DSS 4.0 is here. The transition period from PCI DSS 3.2 ended on March 31, 2024, so businesses in all sectors must focus on aligning their practices with the new requirements.This blog will guide you through the key points discussed by PCI experts Steven Sletten and Jeff Hall in a recent webinar held by Fortra on "PCI 4.0 is Here: Your Guide to Navigating Compliance Success....
Blog

Addressing Client-Side Risks in PCI DSS 4.0

It seems like such a short time ago that the Security Standards Council released the newest version of the Payment Card Industry Data Security Standard (PCI DSS). It has been a full year, and version 4.0 is now in effect. Industries that adhere to the Standard were given the year to implement the new changes. The Standard includes limited exceptions for specific requirements, classifying them as...
On-Demand Webinar

PCI 4.0 is Here: Your Guide to Navigating Compliance Success

The transition period from PCI DSS 3.2.1 to 4.0 ended on March 31, 2024, a date toward which many organizations have dedicated countless hours of preparation. Looking back on that time, do you know where your compliance efforts stand now? Watch PCI experts Steven Sletten and Jeff Hall in this on-demand webinar PCI 4.0 is Here: Your Guide to Navigating Compliance Success to learn how to...
Blog

PCI DSS Compliance - Meeting the Third-Party Vendor Requirements

Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as CRMs, payment gateways, live chat APIs, or a shipping gateway, to name a few....
Blog

Managing Financial Crime Risks in Digital Payments

The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion, with a steady Compound Annual Growth Rate (CAGR) expected in the next five years. There is no denying the convenience benefits that the digital...
Blog

Tips for Ensuring HIPAA Compliance

Like every other industry, the healthcare sector is barely recognizable when compared to its state 20 years ago. It, too, has been transfigured by technology. While this has brought many impactful benefits, it has also introduced at least one major challenge: keeping sensitive patient information private.At the heart of this privacy challenge stands...
Blog

Why Therapists need Data Protection and Cybersecurity

Cybersecurity in Mental Healthcare - The Overlooked RiskDid you know the New-Age Therapeutic sector is unregulated? If that surprises you, then you’re not alone. I was a little surprised, too. Yes, there are various professional bodies a practitioner can join, and there are courses they can attend, but they aren’t forced to. It should be noted that...
Blog

How Does PCI DSS 4.0 Affect Web Application Firewalls?

The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0, heralding significant changes in cybersecurity practices. As we approach the implementation of this revised standard, a critical focal point emerges: the role and new mandate of web application firewalls (WAFs) in ensuring compliance....
Blog

Plastic surgeries warned by the FBI that they are being targeted by cybercriminals

Plastic surgeries across the United States have been issued a warning that they are being targeted by cybercriminals in plots designed to steal sensitive data including patients' medical records and photographs that will be later used for extortion. The warning, which was issued by the FBI yesterday and is directed towards plastic surgery offices...