Resources

Staying Current With the Transportation Security Administration’s Oil and Gas Security Directives

Escalating cyberthreats in the oil and gas industry underscore the need for substantial collaboration between public and private sectors to mitigate this national security risk, and much of this responsibility falls on the shoulders of individual pipeline operators who need to comply with the Transportation Security Administration (TSA) Security Directive. Despite being best known for its role in...

Blog

VERT Threat Alert: May 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 05/14/2024

Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-30040 Up first this month, we have a security feature bypass in MSHTML. More specifically, we have an Object Linking and Embedding (OLE) mitigation bypass in...

Blog

Tripwire Products: Quick Reference Guide

By Megan Freshley on Mon, 05/15/2023

Here at The State of Security, we cover everything from breaking stories about new cyberthreats to step-by-step guides on passing your next compliance audit . But today we’d like to offer a straight-forward roundup of Fortra's Tripwire product suite. Get to know the basics of Tripwire’s core solutions for file integrity monitoring (FIM), security configuration management (SCM), vulnerability...

Guide

Vulnerability Management Article Anthology

Guide

Multi-Cloud Security Best Practice Guide

When you opt to use multiple cloud providers, you’re implementing a multi-cloud strategy. This practice is increasingly common, and can refer to mixing SaaS (software as a service) and PaaS (platform as a service) offerings as well as public cloud environments that fall under the IaaS (infrastructure as a service) category. The most common public cloud environments today are Amazon Web Services...

Guide

Understanding Your Attack Surface: The First Step in Risk-based Security Intelligence

As chief information security officer (CISO), it’s now a job requirement to effectively communicate with your non-technical C-suite and board of directors—preferably not just after there’s been a breach. This is the first in a series of executive white papers designed to share strategies for reducing your attack surface risk as well as how to clearly and objectively communicate your overall security posture to non-technical executives. Download this white paper and learn about: The definition of “attack surface” — and risks associated Design goals of attack surface analytics What non-technical C-suite executives and board members want

Guide

Adjusting to the Reality of Risk Management Framework

The Risk Management Framework ( RMF ) is an approach to systems security management that adjusts security controls based on risk factors. The practice involves a continuous cycle of identifying new threats, choosing effective controls, measuring their effectiveness and improving system security. Federal entities need to understand and utilize RMF as a core part of their FISMA compliance activities...

Staying Current With the Transportation Security Administration’s Oil and Gas Security Directives

VERT Threat Alert: May 2024 Patch Tuesday Analysis

Tripwire Products: Quick Reference Guide

Vulnerability Management Article Anthology

Multi-Cloud Security Best Practice Guide

Understanding Your Attack Surface: The First Step in Risk-based Security Intelligence

Adjusting to the Reality of Risk Management Framework

Contact Information

Privacy Policy

Cookie Policy

Impressum