Resources
Datasheet

Achieving NIA Compliance with Fortra

The National Information Assurance (NIA) Policy provides organizations with the necessary cybersecurity foundation and the relevant tools to enable the implementation of a full-fledged Information Security Management System. Keeping sensitive data and assets safe is the goal of regulatory cybersecurity frameworks such as the NIA. The NIA policy guides organizations in classifying the impact of...
Compliance
CISA Cybersecurity Strategic Plan: What you need to know
Blog

CISA Cybersecurity Strategic Plan: What you need to know

By Stefanie Shank on Mon, 08/21/2023
The United States stands at a pivotal juncture for true digital and cyber security, with unlimited potential. The 2023 U.S. National Cybersecurity Strategy presents a fresh perspective on safeguarding digital territory—a perspective rooted in collaboration, innovation, and accountability. This moment poses a critical consideration of whether to...
Vulnerability & Risk Management
Cybersecurity
Compliance
On-Demand Webinar

Expert Compliance Automation Tips for Financial Services

Thu, 08/17/2023
Cybersecurity compliance standards like the Payment Card Industry Data Security Standard (PCI DSS) and Society for Worldwide Interbank Financial Telecommunications (SWIFT) do an excellent job of hardening systems against breaches. This is especially important in the financial services sector, a common target for cybercriminals. This on-demand webinar presented by Senior Solutions Engineer Dan...
Compliance
CIS Controls
FISMA
GDPR
PCI DSS
SOX
what-is-the-general-data-protection-regulation
Blog

What is the General Data Protection Regulation (GDPR)?

By Josh Breaker-Rolfe on Tue, 08/01/2023
The General Data Protection Regulation (GDPR) is a set of privacy and security standards put into effect by the European Union (EU). Widely accepted as the world's strictest security and privacy law, GDPR imposes regulations on organizations that target or collect data relating to people in the EU. European Parliament signed GDPR into law in 2016,...
Cybersecurity
Compliance
attcking-the-center-for-internet-security
Blog

ATT&CKing the Center for Internet Security

By Tyler Reguly on Tue, 07/25/2023
I recently spoke at a Fortra Webinar about CIS and MITRE. More specifically, I discussed the intersection between the CIS Critical Security Controls, CIS Benchmarks, and MITRE ATT&CK. In this post, I won't go into deep details about the core background, but there are plenty of excellent references available online, including our breakdown of the...
Cybersecurity
Compliance
Incident Detection & Investigation
what-is-swift-eight-things-you-need-to-know.
Blog

What is SWIFT? 8 Things You Need to Know

By Tripwire Guest Authors on Mon, 07/24/2023
In our increasingly digital world, global communications and financial interactions are nigh inescapable for anyone in any industry or walk of life. The infrastructure in place for international transactions is complex and layered, containing moving parts that work in tandem to make things like transferring money nearly seamless. Many of those...
Cybersecurity
Compliance
how-the-nis2-directive-will-impact-you
Blog

How the NIS2 Directive Will Impact You

By Gary Hibberd on Tue, 07/11/2023
Have you heard of the NIS Directive? The full name is quite a mouthful, "DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union". The informal name has been shortened to the Network and Information Security (NIS) Directive. The aim of the...
Cybersecurity
Compliance
Guide

How Managed Services Can Help With Cybersecurity Compliance

Organizations are often overburdened with managing complex tools to handle their most important compliance responsibilities, and in many cases lack the internal headcount to manage those tools with highly-trained expertise. Managed services can solve your security staffing and resource challenges by arming your team with security expertise to maintain optimal compliance. Managed service providers...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NERC CIP
NIST
PCI DSS
SOX
PCI DSS 4.0 Requirements 11 and 12
Blog

PCI DSS 4.0 Requirements –Test Security Regularly and Support Information Security with Organizational Policies and Programs

By Editorial Staff on Wed, 07/05/2023
The Payment Card Industry Data Security Standard (PCI DSS) has always been a massive security undertaking for any organization that has worked to fully implement its recommendations. One interesting aspect that seems to be overlooked is the focus on the Requirements, and while minimizing the testing necessities. Not only is testing part of the full...
Compliance
5-things-everyone-needs-to-know-about-grc
Blog

5 Things Everyone Needs to Know About GRC

By Anastasios Arampatzis on Tue, 07/04/2023
Over the following years, the costs associated with cybercrime, projected at $10.5 trillion annually by 2025, will exceed the estimated worldwide cybersecurity spending—$267.3 billion annually by 2026. Leadership needs to change its perspective on managing cyber risks instead of just spending more money to match the losses incurred. Cyber risk...
Cybersecurity
Compliance
Is CMMC 2.0 Rollout on the Horizon?
Blog

Is the CMMC 2.0 Rollout on the Horizon?

By Tripwire Guest Authors on Wed, 06/28/2023
The Department of Defense (DoD) introduced the Cybersecurity Maturity Model Certification (CMMC) in 2019. This framework outlined a series of security standards contractors must meet to win DoD contracts, so it’s a big concern for many companies. However, four years later, the Cybersecurity Maturity Model Certification rollout has yet to take effect...
Compliance
What is the Gramm-Leach-Bliley Act (GLBA)?
Blog

What is the Gramm-Leach-Bliley Act (GLBA)?

By Josh Breaker-Rolfe on Tue, 06/27/2023
The Gramm-Leach Bliley Act (GLBA or GLB Act), or financial modernization act, is a bi-partisan federal regulation passed in 1999 to modernize the financial industry. It repealed vast swathes of the Glass-Steagall Act of 1933 and the Bank Holding Act of 1956, allowing commercial banks to offer financial services such as investments or insurance. It...
Cybersecurity
Compliance
A Sarbanes-Oxley Act (SOX) IT Compliance Primer
Blog

A Sarbanes-Oxley Act (SOX) IT Compliance Primer

By Anthony Israel-Davis on Mon, 06/26/2023
At the turn of the most recent century, the financial world was in a moment of unregulated growth, which lead to some serious corporate misdeeds in the United States. This presented the opportunity for two senators to enact a new law to ensure accurate and reliable financial reporting for public companies in the US. The result was the Sarbanes-Oxley...
Compliance
Security Configuration Management
PCI DSS 4.0 Requirements 5 and 6
Blog

PCI DSS 4.0 Requirements – Protect from Malicious Software and Maintain Secure Systems and Software

By Editorial Staff on Wed, 06/14/2023
We often hear how a company was compromised by a sophisticated attack. This characterization contains all the romantic thrill of a spy movie, but it is usually not how most companies are victimized. Most breaches usually happen as a result of malware entering the environment. The need to protect against malware is addressed in progressive degrees in...
Compliance
ChatGPT and Data Privacy
Blog

ChatGPT and Data Privacy

By Tripwire Guest Authors on Tue, 06/13/2023
In April 2023, German artist Boris Eldagsen won the open creative award for his photographic entry entitled, Pseudomnesia: The Electrician. But, the confusing part of the event for the judges and the audience was that he refused to receive the award. The reason was that the photograph was generated by an Artificial Intelligence (AI) tool. It was...
Compliance
The Role of the SEC in Enforcing InfoSec Legislation
Blog

The Role of the SEC in Enforcing InfoSec Legislation

By Tripwire Guest Authors on Mon, 06/12/2023
What is the SEC? Founded 85 years ago at the height of the Great Depression, the Securities and Exchange Commission (SEC) has a clear mission: to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. Put simply, the SEC aims to protect US investors by maintaining a fair market. The SEC doesn’t work...
Cybersecurity
Compliance
PCI DSS 4.0 Requirements 3 and 4
Blog

PCI DSS 4.0 Requirements – Protect Stored Account Data and Protect Cardholder Data During Transmission

By Editorial Staff on Wed, 06/07/2023
If someone asked you “are you protecting your data,” your initial response would probably be to clarify what they are referring to specifically, since the question is so broadly stated. You could just reply with a terse “Yes,” but that is as open-ended and nebulous as the question. The general idea of data protection encompasses so many areas, from...
Compliance
On-Demand Webinar

ATT&CKing the Center for Internet Security

Thu, 06/01/2023
From the Critical Security Controls to the Community Defense Model, CIS has provided plenty of mappings that show how knowledge from MITRE ATT&CK can be integrated with their offerings. Last year, CIS went a step further, integrating mappings from MITRE ATT&CK into their Benchmarks. This provides a wealth of information to defenders, but too much information can sometimes lead to information...
Compliance
CIS Controls