Resources
Guide

How Finance Companies Bank on Tripwire ExpertOps

Finance companies opt for managed services to stay compliant, bolster overburdened security teams, and get ongoing support in keeping their data safe from damaging breaches. The finance sector regularly finds itself on the front lines of emerging attack techniques; attackers commonly search for edge vulnerabilities and test new malware variations against financial systems. However, most breaches...
Compliance
PCI DSS
SOX
Guide

Sustaining SOX Compliance Through Automation Using COBIT Framework

Achieving compliance with the Sarbanes-Oxley Act (SOX) can be a monumental effort. Maintaining those controls and audit reporting on an ongoing basis can be even more difficult. The SEC recommends automated controls for more efficient and effective compliance results. This white paper details the SOX requirements that are best addressed by automated controls using the COBIT framework in two core...
Compliance
SOX
Guide

Physical Cybersecurity: ICS Attack Scenarios and CIP-007 R1

The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism. ...
Compliance
NERC CIP
Industrial Control Systems
Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NIST
PCI DSS
Guide

How Infosec Teams Can Overcome the Skills Gap

Does your organization have enough cybersecurity staff with a high level of expertise? If not, you’re not alone. The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83 percent of infosec personnel felt more overworked in 2020 than they did a year earlier. An even greater percentage (85 percent) stated that...
Cybersecurity Skills Gap
Guide

The Executive's Guide to the CIS Controls

See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber attack vectors. This publication was designed to assist executives by providing guidance for implementing broad baseline technical controls that are required to ensure a robust network security posture. In this guide, we will cover a wide range of topics...
Compliance
CIS Controls
Security Configuration Management
Guide

Communicating Cybersecurity to Boards and Executives: A Workbook to Help Build Cybersecurity Literacy

We’ve all heard, “it’s not a matter of if you’ll be breached, but when.” If a breach occurs, is your organization prepared to detect it quickly? Now more than ever, corporate executives and boards are asking for assurance that the organization and its sensitive data is adequately protected. This cybersecurity self-assessment is derived from the Cyber-Risk and Oversight Handbook developed by the...
Cybersecurity Skills Gap
Datasheet

The Tripwire NERC CIP Solution Suite

The North American Electric Reliability Corporation (NERC) maintains comprehensive reliability standards that define requirements for planning and operating the bulk electric system (BES). Among these are the Critical Infrastructure Protection (CIP) Cyber Security Standards, which specify a minimum set of controls and processes for power generation and transmission companies to follow to ensure...
Compliance
NERC CIP
Datasheet

Tripwire ExpertOps

Many IT teams are facing challenging skills gaps or struggling with optimizing their cybersecurity software. It might be that your team is too small for their responsibilities, or that you’re finding it difficult to attract, train, and retain talent. Turnover is a common problem, with organizations and agencies often losing skilled individuals to new opportunities. Fortunately, strategically...
Cybersecurity Skills Gap
Managed Security Services
Datasheet

Tripwire ExpertOps and SOX

The Sarbanes-Oxley Act (SOX) requires all publicly held companies to establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud. SOX is not specific on the types of controls that are required, but points to the COBIT framework to provide organizations’ guidance on their IT governance. The Challenge Change is ever occurring in your systems...
Compliance
SOX
Datasheet

Tripwire ExpertOps and NIST 800-171

Federal security managers expect that most federally run systems are actively engaging with FISMA compliance for protecting federal data and systems. However, as we all know, federal information does not remain only in federally operated systems. Data and IT systems connect via the Internet and other networks for business, operations and research. Information about citizens, banking and finance,...
Compliance
NIST
Datasheet

Tripwire Enterprise and Cisco AMP Threat Grid

Overview There is mounting concern at the senior executive and board level regarding cybersecurity, driven by highly visible advanced targeted attacks. These attacks threaten precious IP, valuable customer information, company valuation and trade secrets. To truly protect valuable resources, organizations have to accept the nature of modern networked environments and devices, and start defending...
Compliance
CIS Controls
Datasheet

Tripwire Resident Engineers

The cybersecurity skills gap can leave many organizations without adequate staffing for the operation of their security tools. High turnover rates can also cause an organization to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote...
Compliance
NERC CIP
NIST
PCI DSS
SOX
Datasheet

Tripwire Resident Engineers for Federal Agencies

The cybersecurity skills gap leaves Federal agencies without adequate staffing for the operation of their security tools. High turnover rates can also cause agencies to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote work...
Compliance
NERC CIP
NIST
Datasheet

NERC CIP 013 Compliance

More attention is being paid to risks around the supply chain in the bulk electricity system (BES). When third-party vendors introduce new products, software and personnel into a power supplier’s environment, the potential for new cyber risks increases. For this reason, the North American Electric Reliability Corporation (NERC) recently added a new set of requirements to its Critical...
Compliance
NERC CIP
Datasheet

Achieving Resilience While Fulfilling NERC CIP Requirements

Some of our nation’s most critical physical infrastructure is represented by the national Bulk Electric Systems (BES). Today’s digital world relies upon this interconnected network of power generation and transmission systems more than ever. To ensure the reliability and resilience of that network, providers must continually manage threats to the infrastructure, including many that relate to...
Compliance
NERC CIP
Datasheet

NERC CIP Best Practices: The Tripwire Approach

Industrial operators subject to the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standard know that achieving compliance is no minor feat, and serious strategic consideration is required to ensure efficient resource use in the compliance process. By meeting NERC CIP compliance, these companies take important steps towards securing their IT/OT...
Compliance
NERC CIP
Datasheet

NERC CIP Compliance with Tripwire and RedSeal

The NERC Critical Infrastructure Protection standards are designed to enhance reliability of the electrical supply by securing the connected assets on which that supply relies. When building a program for NERC CIP compliance, registered entities must balance the need to be audit ready with the resources required to achieve and maintain compliance. NERC CIP version 6 increases the amount of work...
Compliance
NERC CIP
Datasheet

NERC CIP Compliance with Tripwire and SigmaFlow

The NERC Critical Infrastructure Protection standards are designed to enhance the reliability of the electrical supply by securing the connected assets on which that supply relies. When building a program for NERC CIP compliance, registered entities must balance the need to be audit-ready with the resources required to achieve and maintain compliance. NERC CIP compliance, especially when...
Compliance
NERC CIP