Resources
On-Demand Webinar

Insights for Navigating PCI-DSS 4.0 Milestones

With the PCI-DSS 4.0 implementation deadline looming just around the corner in 2024, financial companies have no time to waste when it comes to reaching key compliance milestones. Watch this on-demand webinar presented by Fortra’s Tripwire and BankInfoSecurity.com designed to help you get—and stay—on track for PCI 4.0 compliance. Hear from industry experts on preparing for PCI 4.0 using a simple...
Compliance
PCI DSS
Guide

PCI DSS 4.0 Compliance

Maintaining compliance is a difficult job—both in scope and in practical application. Organizations need to comply with a vast array of regulations, and the number is constantly increasing. Compliance is consistently tightening; businesses and financial institutions now have to learn and dive into the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements as the implementation...
Compliance
PCI DSS
Dont-fail-an-audit-over-a-neglected-annual-policy-review
Blog

Don’t fail an audit over a neglected annual policy review

By Tripwire Guest Authors on Mon, 03/20/2023
When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard (PCI DSS) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve all, always, believed...
Compliance
ISO27001 Updates: Change is afoot
Blog

ISO27001 Updates: Change is afoot

By Tripwire Guest Authors on Mon, 03/13/2023
If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System, ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards for Information...
Compliance
The-Language-of-Cybersecurity-Frameworks-Guidance-Regulations-and-Standards
Blog

The Language of Cybersecurity Frameworks, Guidance, Regulations, and Standards

By Bob Covello on Wed, 02/15/2023
When it comes to acronyms, Technology and Cybersecurity often rival various branches of government. Technology acronyms are usually somewhat bland, amounting to little more than the arcane argot of the profession, such as SOC, SIEM, and DNS. Government, however, rarely disappoints in its inventiveness, whether it is the acronym of the Puppies...
Cybersecurity
Compliance
Pylon and cables
Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

By Anastasios Arampatzis on Wed, 02/01/2023
The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood....
Compliance
NIST
Industrial Control Systems
Tripwire-Enterprise-9.0-What-you-need-to-know
Blog

Tripwire Enterprise 9.0: What you need to know

By David Bruce on Wed, 01/04/2023
Tripwire recently announced the release of Tripwire Enterprise (TE), version 9.0, Axon Agent 3.27, and TE Agent 9.0.0. While the full list of features may be viewed on our web site, as a product manager, I wanted to take some time to introduce some of the changes in this new release. What’s new in Tripwire Enterprise 9.0? The first significant...
Cybersecurity
File Integrity & Change Monitoring
How FIM Protects Assets in a Borderless World
Blog

How FIM Protects Assets in a Borderless World

By Tripwire Guest Authors on Mon, 12/19/2022
Recent advancements in the digital landscape have led to a new kind of paradigm, one where enterprise perimeters are no longer clearly defined or limited. The rapid uptake of remote working, cloud, and IoT led to these prominent shifts, resulting in users, applications, and data no longer residing exclusively within the perimeters of the enterprise....
Cybersecurity
File Integrity & Change Monitoring
Integrity Monitoring Use Cases: Compliance
Blog

Tripwire Enterprise Use Cases – Advanced Monitoring

By David Bruce on Tue, 11/29/2022
Many people remember where they were during historic events. Whether it is a personal, or a public occurrence, it’s just human nature to remember these significant moments. Every profession also has its share of memorable events. In medicine, those who were in the profession will remember where they were when they heard about the first heart...
Cybersecurity
File Integrity & Change Monitoring
Integrity Monitoring Use Cases: Compliance
Blog

Security Configuration Management Use Cases: Policy Monitoring for Security

By David Bruce on Wed, 11/23/2022
In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA,...
Vulnerability & Risk Management
Compliance
Security Configuration Management
Information-security-compliance-why-its-more-important-than-ever
Blog

Information security compliance: why it’s more important than ever

By Tripwire Guest Authors on Wed, 11/16/2022
Being in a more connected environment benefits all of us, from those using social media to stay in touch with far-away relatives, to businesses enjoying the rewards of remote working. But, while connectivity is great and offers many positives, it also creates vulnerabilities. Companies that handle sensitive data may find themselves the target and...
Cybersecurity
Compliance
Integrity Monitoring Use Cases: Compliance
Blog

Integrity Monitoring Use Cases: Policy Monitoring for Compliance

By David Bruce on Fri, 11/11/2022
In response to increasing societal concerns about the way businesses store, process, and protect the sensitive data they collect from their customers, governments and standardization organizations have enacted a patchwork of regulations and laws. Some of these are generic regulations (CCPA, GDPR), while others are industry specific (SOX, NERC, HIPAA...
Cybersecurity
Compliance
Security Configuration Management
Getting started with Zero Trust: What you need to consider
Blog

Getting started with Zero Trust: What you need to consider

By David Bruce on Mon, 11/07/2022
Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which...
Cybersecurity
Compliance
NIST
Security Configuration Management
Privacy Updates in Q2 2022: Major Developments Across the Globe
Blog

Privacy Updates in Q3 2022: Major Developments Across the Globe

By Tripwire Guest Authors on Fri, 11/04/2022
The third quarter saw some major developments across the privacy space. In the U.S., we saw a federal bill for comprehensive privacy achieve more than ever before, children’s privacy proved to remain a top concern, and the Federal Trade Commission formally began its heavily criticized “Magnuson-Moss rulemaking” process. Not to be outdone, the...
Cybersecurity
File Integrity & Change Monitoring
Incident Detection & Investigation
Integrity Monitoring Use Cases: Compliance
Blog

Integrity Monitoring Use Cases: Security

By David Bruce on Thu, 11/03/2022
Compliance is an essential aspect of every organization, and in business terms, it entails ensuring that organizations of all sizes, and their personnel, comply with national and international regulations, such as GDPR, HIPAA, and SOX. When guaranteeing compliance, many firms frequently overlook security. Gary Hibberd states that compliance...
Compliance
File Integrity & Change Monitoring
Brace yourself – ISO27001 changes are coming
Blog

Brace yourself – ISO27001 changes are coming

By Tripwire Guest Authors on Wed, 11/02/2022
If you’re not aware already, then be prepared for change, because a new version of ISO27001 was published in October 2022! It’s all very exciting! The last change to the standard was in 2017. The changes made back then were fundamentally cosmetic, with a few minor tweaks to wording. The changes barely caused a ripple and, even today, organisations...
Cybersecurity
Compliance
New Canadian Cyberattack Data Says 80% of SMBs Are Vulnerable
Blog

New Canadian Cyberattack Data Says 80% of SMBs Are Vulnerable

By Tripwire Guest Authors on Tue, 10/25/2022
If you were to take a look at the cybersecurity news cycle, you’d be forgiven for thinking that it’s only large enterprises with expansive customer bases and budgets that are the most vulnerable to attacks. But that’s not entirely true. Even if it’s at a much smaller scale, small- and medium-sized businesses (SMBs) still have stores of sensitive...
Cybersecurity
File Integrity & Change Monitoring
Incident Detection & Investigation
Why Law Firms Should Use Integrity Monitoring to Maintain Confidentiality
Blog

Why Law Firms Should Use Integrity Monitoring to Maintain Confidentiality

By Tripwire Guest Authors on Mon, 10/24/2022
Law firms owe their clients several types of duties, such as the duty of care, duty to provide competent representation, as well as other ethical responsibilities. Their duties even extend to former clients and must be upheld long after they no longer have a formal attorney-client relationship. More specifically, lawyers have a duty to not disclose...
File Integrity & Change Monitoring
What Does the Industry Want to Improve on NIST Cybersecurity Framework 2.0
Blog

What the industry wants to improve on NIST Cybersecurity Framework 2.0

By Anastasios Arampatzis on Mon, 10/24/2022
The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with...
Compliance
NIST
Industrial Control Systems