Guide
5 Critical Steps: Complete Security Risk and Compliance Lifecycle for Government
Maintaining security and compliance in today’s ever-changing environment is a never-ending task. To manage that task, the most successful government organizations adopt a systematic approach that promotes continuous improvement.
Tripwire is a leading provider of enterprise-class foundational controls for federal security, compliance, and IT operations. We listened to our customers to understand...
Guide
Foundational Controls Buyer's Guide
As your organization grows, your technology landscape becomes increasingly more sophisticated and complex. You need foundational controls to keep your organization secure, compliant and available. Foundational controls have proven to deliver a highly effective and efficient level of defense against the majority of real world attacks and provide the necessary foundation for dealing with more...
Guide
Getting Up to Speed on GDPR
Search online for the phrase “data is the new oil” and you’ll see it’s used by (and attributed to) many people. Data is a precious and highly valuable commodity. Data is the fuel pumping through today’s digital business, powering communications and commerce. Organizations the world over are mining data to turn raw information into real insight—to drive sales and grow their business.
...
Guide
Governance, Risk, and Compliance
Governance, Risk & Compliance, or Generating Real Capability! How do we use GRC as a business enabler, and focus on the benefits it brings?
Guide
FISMA SI-7 Buyer's Guide
The FISMA SI-7 Buyer’s Guide focuses on one of the most difficult security controls agencies must adhere to: NIST 800-53 SI-7. Learn what solutions to look for.
Guide
The Executive's Guide to the CIS Controls
See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber attack vectors.
This publication was designed to assist executives by providing guidance for implementing broad baseline technical controls that are required to ensure a robust network security posture. In this guide, we will cover a wide range of topics...
Guide
Essential PCI DSS v4.0 Transition Checklist
The proliferation of online transactions isn’t the only reason the PCI Council created the new 4.0 standard. Recent years have also seen increasingly sophisticated methods among cybercriminals, a surge in cloud use, and the rise of contactless payments. This spurred the need for an updated set of PCI DSS requirements, which were released in March 2022 and will become mandatory in March 2024 for...
Guide
Closing the Integrity Gap with NIST's Cybersecurity Framework
When the National Institute of Standards and Technology (NIST) announced that it had released its new Cybersecurity Framework in 2014, it appeared on the surface to be just one more option for organizations looking to develop a cohesive and effective cyber risk management strategy. Indeed, there are dozens of choices available and organizations have been all over the map when it comes to deciding...
Guide
How to Achieve Compliance with the NIS Directive
Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to protect human lives. For example, such systems are...
Guide
9 Steps for Maturing Beyond Checkbox Compliance
A common mistake many organizations make is approaching cybersecurity as a series of actions taken in order to check the right compliance boxes. If this sounds familiar, it’s likely that you’ve witnessed something similar to the cycle of crisis-driven audit preparation, a suspenseful audit, remediating based on those findings, and waiting until the next hurried audit preparation phase returns.
...
Guide
Guide to Mastering Configuration Management
Download this free guide to learn best practices, how to use SCM to stay compliance and implementation steps.
Blog
PCI 4.0: The wider meanings of the new Standard
By David Bruce on Wed, 07/06/2022
The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data.
In our series about how the new standard differs from...
Blog
What you need to know about PCI 4.0: Requirements 10, 11 and 12
By David Bruce on Wed, 06/29/2022
As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function in...
Blog
What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9
By David Bruce on Wed, 06/22/2022
In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update.
Requirements 5 through 9 are organized under two categories:
Maintain a Vulnerability Management...
Blog
What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.
By David Bruce on Tue, 06/14/2022
The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems for...
Blog
CIS Control 18 Penetration Testing
By Matthew Jerzewski on Wed, 05/11/2022
Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a breach has increased 10%...
Blog
PCI DSS 4.0 and ISO 27001 – the dynamic duo
By Tripwire Guest Authors on Wed, 04/27/2022
It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks.
We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed by...
Blog
CIS Control 17: Incident Response Management
By Tyler Reguly on Wed, 04/27/2022
We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not likely to succeeded in...