The chief information security officer, or CISO, is essential to the smooth and safe operation of any large organization. Over the past few years, though, the scope and scale of the CISO’s task has increased markedly. No longer simply a head of IT security, the CISO is responsible for a far wider range of cyber defenses and protective measures that extend well beyond the organization’s perimeter...

How proper foundational controls help block today’s advanced threats

The skills gap remains one of the biggest challenges within the cybersecurity industry. To gain more perspective on what organizations are experiencing, Tripwire partnered with Dimensional Research to survey 342 security professionals on this issue. This study explores hiring trends, how security teams are changing, and how they plan to address the issue in the face of growing cyber threats. ...

As news of cyberthreats targeting industrial environments like energy utilities and manufacturing plants continues to surface, Tripwire surveyed security professionals who work in these industries to understand how industrial organizations are protecting themselves. The survey findings revealed insights on the security professionals’ levels of concern, investment in cybersecurity, and how they are...

In response to the coronavirus ("COVID-19") pandemic, the Office of Management and Budget (OMB) made an unprecedented call for agencies to maximize telework flexibilities, resulting in 78 percent of the federal workforce working remotely. This abrupt and wide-scale shift to a remote work environment required agency security teams to adjust with little to no planning, placed a tremendous strain on...

The retail industry always has to make special preparations for the holiday season. That was especially the case this year. With Covid-19 disrupting shopping behaviors and creating a surge in online shopping, security teams at these retail organizations have had to make adjustments as well. Tripwire partnered with Dimensional Research to understand how retail organizations are adapting their...

As an organization’s infrastructure becomes more and more connected and complicated, it becomes more important than ever to have a safe and protected way for employees to access systems remotely. This is not just a challenge for IT environments, but OT environments as well. Nearly half of the Fortune 2000 organizations consider OT networks to be critical components of their business1. It’s...

In information security, it’s often said, “It’s not a matter of if, but when” an organization will be hit by a breach—it's an accepted fact that preventative controls will eventually fail to keep attackers out. And now, with high-impact vulnerabilities like Heartbleed and Shellshock being discovered with some regularity, the likelihood of a serious breach is greater than ever. In this paper, we highlight how the tactics and strategies to respond to high-impact vulnerabilities differ from those used in other security events, outline the steps you can take to prepare for these vulnerabilities before they hit, and provide insight into incident response strategies.

The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism. ...

Every organization wants to be secure in the long term, but compliance might order them to focus on implementing certain safeguards within a short period. Given this situation, some organizations might elect to focus on compliance now and look at security later. This might involve designating budget for compliance before allocating additional funds for security at some point in the future. This...

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...