Guide
Governance, Risk, and Compliance
Governance, Risk & Compliance, or Generating Real Capability! How do we use GRC as a business enabler, and focus on the benefits it brings?
Guide
Adjusting to the Reality of Risk Management Framework
The Risk Management Framework (RMF) is an approach to systems security management that adjusts security controls based on risk factors. The practice involves a continuous cycle of identifying new threats, choosing effective controls, measuring their effectiveness and improving system security.
Federal entities need to understand and utilize RMF as...
Guide
Building a Mature Vulnerability Management Program
A successful vulnerability management program requires more than the right technology. It requires dedicated people and mature processes. When done properly, the result can be a continuously improving risk management system for your organization.
This white paper was written by CISSP-certified Tripwire system engineers with extensive experience in implementation of vulnerability management...
Datasheet
Tripwire Vulnerability Risk Metrics
A vulnerability management program should provide a series of metrics that outline the vulnerability risk to the organization and how the risk posture is trending. In addition to this, reports should be provided which show system owners which vulnerabilities pose the greatest risk to the organization and how to remediate them. This report outlines recommendations for vulnerability management...
Guide
The Five Stages of Vulnerability Management Maturity
One key element of an effective information security program within your organization is having a good vulnerability management (VM) program, as it can identify critical risks. Most, if not all, regulatory policies require a VM program, and information security frameworks advise implementing VM as one of first things an organization should do when building their information security program.
...
Datasheet
Calculating the ROI of a Vulnerability Management Program
Return on investment on IT security infrastructure purchases (solutions and products) has traditionally been hard to quantify. However, there are some compelling aspects of securing an organization’s infrastructure that can be identified and quantified. This discipline will continue to evolve as organizations focus on managing and balancing their security expenses and strive to control the...
Datasheet
Tripwire Vulnerability Scoring System
Vulnerability and Risk Analysis
Measuring and managing the security risk associated with information and information technology remains one of the most challenging and debated problems faced by all levels of an organization. While scoring standards designed to assist with solving this problem have been developed over the past decade, a select few have accomplished this and those that have are...
Datasheet
Tripwire Vulnerability Intelligence
There’s not enough time in the day to investigate every system change and remediate every vulnerability. Ever-evolving capabilities of cyber adversaries—coupled with the dynamic nature of corporate networks— makes security prioritization increasingly difficult. With Tripwire® Enterprise and Tripwire IP360™ managed service offerings, you can minimize the amount of time you spend addressing high...
Datasheet
The Tripwire NERC CIP Solution Suite
The North American Electric Reliability Corporation (NERC) maintains comprehensive reliability standards that define requirements for planning and operating the bulk electric system (BES). Among these are the Critical Infrastructure Protection (CIP) Cyber Security Standards, which specify a minimum set of controls and processes for power generation and transmission companies to follow to ensure...
Datasheet
Tripwire IP360 Agent-Based Vulnerability Management
When should your security strategy include agent-based monitoring? It can be difficult to discern when and how to incorporate agents into your vulnerability management processes. There are several instances in which agent-based monitoring offers superior support and protection across your networks. But that doesn’t mean you need to opt for a 100 percent agent-based approach, either. There are...
Datasheet
Tripwire Asset Discovery Appliance
Tripwire® Asset Discovery Appliance discovers all networked hosts, applications and services. By providing a comprehensive view of devices and software on your network, you gain the foundation for effective security configuration management and compliance processes. Only this appliance provides low bandwidth, non-intrusive host and network profiling for use with Tripwire Enterprise.
Tripwire...
Datasheet
Tripwire Resident Engineers
The cybersecurity skills gap can leave many organizations without adequate staffing for the operation of their security tools. High turnover rates can also cause an organization to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote...
Datasheet
Tripwire Resident Engineers for Federal Agencies
The cybersecurity skills gap leaves Federal agencies without adequate staffing for the operation of their security tools. High turnover rates can also cause agencies to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote work...
Datasheet
NERC CIP 013 Compliance
More attention is being paid to risks around the supply chain in the bulk electricity system (BES). When third-party vendors introduce new products, software and personnel into a power supplier’s environment, the potential for new cyber risks increases.
For this reason, the North American Electric Reliability Corporation (NERC) recently added a new set of requirements to its Critical...
Datasheet
Achieving Resilience While Fulfilling NERC CIP Requirements
Some of our nation’s most critical physical infrastructure is represented by the national Bulk Electric Systems (BES). Today’s digital world relies upon this interconnected network of power generation and transmission systems more than ever. To ensure the reliability and resilience of that network, providers must continually manage threats to the infrastructure, including many that relate to...
Datasheet
NERC CIP Best Practices: The Tripwire Approach
Industrial operators subject to the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standard know that achieving compliance is no minor feat, and serious strategic consideration is required to ensure efficient resource use in the compliance process. By meeting NERC CIP compliance, these companies take important steps towards securing their IT/OT...
Datasheet
NERC CIP Compliance with Tripwire and RedSeal
The NERC Critical Infrastructure Protection standards are designed to enhance reliability of the electrical supply by securing the connected assets on which that supply relies. When building a program for NERC CIP compliance, registered entities must balance the need to be audit ready with the resources required to achieve and maintain compliance. NERC CIP version 6 increases the amount of work...
Datasheet
NERC CIP Compliance with Tripwire and SigmaFlow
The NERC Critical Infrastructure Protection standards are designed to enhance the reliability of the electrical supply by securing the connected assets on which that supply relies. When building a program for NERC CIP compliance, registered entities must balance the need to be audit-ready with the resources required to achieve and maintain compliance. NERC CIP compliance, especially when...