Resources

Blog

PCI DSS Compliance - Meeting the Third-Party Vendor Requirements

By Tripwire Guest Authors on Tue, 02/20/2024

Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as CRMs, payment gateways, live chat APIs, or a shipping gateway, to name a few. Though...

Blog

Managing Financial Crime Risks in Digital Payments

By Chester Avey on Thu, 02/01/2024

The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion, with a steady Compound Annual Growth Rate (CAGR) expected in the next five years. There is no denying the convenience benefits that the digital...

Blog

Resolving Top Security Misconfigurations: What you need to know

By Jeff Moline on Mon, 01/22/2024

One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. ...

Blog

How Does PCI DSS 4.0 Affect Web Application Firewalls?

By Josh Davies on Mon, 01/08/2024

The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0, heralding significant changes in cybersecurity practices. As we approach the implementation of this revised standard, a critical focal point emerges: the role and new mandate of web application firewalls (WAFs) in ensuring compliance. The...

Blog

Shifting Left with SAST, DAST, and SCA: Advanced Best Practices

By Tripwire Guest Authors on Thu, 10/20/2022

In the past, teams incorporated security testing far after the development stage of the Software Development Lifecycle (SDLC). Security testing would influence whether the application would to proceed to production, or get passed back to the developers for remediation. This process caused delays while teams worked on remediation or, worse yet, it...

Blog

Integrity Monitoring Use Cases: Compliance

By David Bruce on Wed, 10/19/2022

What is File Integrity Monitoring? The IT ecosystems of enterprises are highly dynamic. Typically, organizations react to this volatility by investing in asset discovery and Security Configuration Management (SCM). These core controls enable businesses to compile an inventory of authorized devices and monitor the configurations of those assets. In...

Blog

Defense and Development: Key points from The Complete Guide to Application Security for PCI-DSS

By Tripwire Guest Authors on Wed, 08/31/2022

The increasing popularity of online payment systems results from the world’s gradual transition to a cashless and contactless digital economy — an economy, projected in a recent Huawei white paper, to be worth $23 trillion by 2025. With digital commerce emerging as the largest segment in the projected $8.49 trillion global digital payments market in...

Blog

A 5 Step Checklist for Complying with PCI DSS 4.0

By Tripwire Guest Authors on Mon, 08/15/2022

In March 2022, the Payment Card Industry Data Security Standard (PCI DSS) was updated with a number of new and modified requirements. Since their last update in 2018, there has been a rapid increase in the use of cloud technologies, contactless payments have become the norm, and the COVID-19 pandemic spurred a massive growth in e-commerce and online...

Datasheet

Tripwire ExpertOps and PCI

The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that process credit card payments, secure the cardholder environment to prevent credit card fraud, cyber threats and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting and storing credit card data to minimize the theft,...

Datasheet

Tripwire Enterprise and Cisco AMP Threat Grid

Overview There is mounting concern at the senior executive and board level regarding cybersecurity, driven by highly visible advanced targeted attacks. These attacks threaten precious IP, valuable customer information, company valuation and trade secrets. To truly protect valuable resources, organizations have to accept the nature of modern networked environments and devices, and start defending...

Datasheet

Tripwire Resident Engineers

The cybersecurity skills gap can leave many organizations without adequate staffing for the operation of their security tools. High turnover rates can also cause an organization to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote...

Datasheet

Tripwire’s Solutions for Automated, Continuous PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that process credit card payments secure the cardholder environment to prevent credit card fraud, cyber threats, and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting, and storing credit card data to minimize the theft,...

Datasheet

The CIS Controls and Tripwire Solutions

Many organizations face the challenging threat environment by strategically choosing a security controls framework as a reference for initiating, implementing, measuring, and evaluating their security posture, as well as managing risk. While many frameworks are available, one of the most notable and commonly used is the Center for Internet Security’s CIS Controls. This well known framework has...

Datasheet

MITRE ATT&CK Matrix with CIS Controls and Tripwire Mapping

It’s not enough to cast a wide cybersecurity net and hope you catch the adversaries trying to compromise your data. Instead, you need to narrow your focus to make your efforts truly impactful. But which of the countless potential cybersecurity attacks out there should you choose to prioritize? MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework and the Center for...

Blog

PCI 4.0: The wider meanings of the new Standard

By David Bruce on Wed, 07/06/2022

The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs from...

Blog

What you need to know about PCI 4.0: Requirements 10, 11 and 12

By David Bruce on Wed, 06/29/2022

As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function in...

Blog

What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9

By David Bruce on Wed, 06/22/2022

In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update. Requirements 5 through 9 are organized under two categories: Maintain a Vulnerability Management...

Blog

What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.

By David Bruce on Tue, 06/14/2022

The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems for...

Blog

CIS Control 18 Penetration Testing

By Matthew Jerzewski on Wed, 05/11/2022

Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a breach has increased 10%...

Blog

PCI DSS 4.0 and ISO 27001 – the dynamic duo

By Tripwire Guest Authors on Wed, 04/27/2022

It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks. We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed by...

PCI DSS Compliance - Meeting the Third-Party Vendor Requirements

Managing Financial Crime Risks in Digital Payments

Resolving Top Security Misconfigurations: What you need to know

How Does PCI DSS 4.0 Affect Web Application Firewalls?

Shifting Left with SAST, DAST, and SCA: Advanced Best Practices

Integrity Monitoring Use Cases: Compliance

Defense and Development: Key points from The Complete Guide to Application Security for PCI-DSS

A 5 Step Checklist for Complying with PCI DSS 4.0

Tripwire ExpertOps and PCI

Tripwire Enterprise and Cisco AMP Threat Grid

Tripwire Resident Engineers

Tripwire’s Solutions for Automated, Continuous PCI Compliance

The CIS Controls and Tripwire Solutions

MITRE ATT&CK Matrix with CIS Controls and Tripwire Mapping

PCI 4.0: The wider meanings of the new Standard

What you need to know about PCI 4.0: Requirements 10, 11 and 12

What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9

What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.

CIS Control 18 Penetration Testing

PCI DSS 4.0 and ISO 27001 – the dynamic duo

Contact Information

Privacy Policy

Cookie Policy

Impressum