Resources

Live Webinar
The Center for Internet Security (CIS) Critical Security Controls (CSC) are a trusted source of truth in the cybersecurity community. Many organizations implement the CIS CSC framework to ensure their cybersecurity programs are functioning at peak effectiveness. The latest iteration, CIS CSC v8.1, was released earlier this year. Join Matthew Jerzewski, Cybersecurity Researcher...
Blog

CIS Control 15: Service Provider Management

Enterprises today rely on partners and vendors to help manage their data. Some companies depend on third-party infrastructure for day-to-day operations, so understanding the regulations and protection standards that a service provider is promising to uphold is very important.Key Takeaways from Control 15Identify your business needs and create a set of standards that can be used to grade service...
Blog

CIS Control 16: Application Software Security

The way in which we interact with applications has changed dramatically over the years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organization's application against it to bypass network security controls and...
Blog

CIS Control 17: Incident Response Management

We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not likely to succeed in responding to the threat.Key TakeawaysOne takeaway...
Blog

Advanced Tips for Leveraging the NIST Cybersecurity Framework for Compliance

Depending on the industry, location, and business operations of your organization, you may have any number of cybersecurity regulations to comply with. Keeping track of each law that affects your organization and the various requirements associated with them can be overwhelming, but the consequences of noncompliance are often far worse.While diligent adherence to regulatory requirements is not a...
Blog

CIS Control 18: Penetration Testing

Penetration testing is something that more companies and organizations should be considering as a necessary expense. I say this because, over the years, the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2024,” the average cost of a breach has increased 10% year over year, with the healthcare...
Blog

The Role of the NIST CSF in Cyber Resilience

Resilience is one of the hottest topics of the moment, but for good reason. For most organizations, suffering a cyberattack is a matter of when, not if. Attackers are, lamentably, always one step ahead of defenders and, as such, responding to an attack and maintaining business operations have become arguably more important than protecting an organization in the first place. The NIST Cybersecurity...
Blog

Aligning Your Cybersecurity Strategy with the NIST CSF 2.0

So, you're considering integrating the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework) into your cybersecurity practices. Congratulations! You've taken the first step toward improving your organization's cybersecurity posture.However, you may need clarification about the best approach to aligning your cybersecurity practices with the NIST CSF. This process can...
Blog

Exploring the Impact of NIST SP 800-53 on Federal IT Systems

NIST SP 800-53 is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines and best practices for securing federal information systems and protecting the privacy of individuals whose information these systems handle.The Special Publication has gone by several different names. NIST initially released Special Publication 800-53 in 2005 under the...
Blog

Updates and Evolution of the NIST Cybersecurity Framework: What’s New?

The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.Since Version 1.0’s...
Guide

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.While these cybersecurity frameworks aren’t mandatory...
Blog

The Impact of NIST SP 800-171 on SMBs

From more broad laws like GDPR to industry-specific regulations like HIPAA, most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated. National Institute...
Blog

Resolving Top Security Misconfigurations: What you need to know

One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. ...
Blog

NIST CSF 2.0: What you need to know

Organizations looking to protect their sensitive data and assets against cyberattacks may lack the ability to build a cybersecurity strategy without any structured help. The National Institute of Standards and Technology (NIST) has a free, public framework to help any organization mature its IT security posture. Recently, the institute published an...
Blog

Closing Integrity Gaps with NIST CSF

The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF “The full maximum NIST...
Blog

General Data Protection Regulation (GDPR) – The Story So Far

Do you remember where you were on 25th May 2018? Perhaps you were enjoying a Friday night drink with friends. Perhaps you were with family, relaxing after a busy week at work. I was actually having a GDPR Birthday party with friends and colleagues because 25th May 2018 was a landmark day for the world of Data Protection (yes, seriously, we had a...
On-Demand Webinar

Expert Compliance Automation Tips for Financial Services

Cybersecurity compliance standards like the Payment Card Industry Data Security Standard (PCI DSS) and Society for Worldwide Interbank Financial Telecommunications (SWIFT) do an excellent job of hardening systems against breaches. This is especially important in the financial services sector, a common target for cybercriminals. This on-demand webinar presented by Senior Solutions Engineer Dan...
Guide

How Managed Services Can Help With Cybersecurity Compliance

Organizations are often overburdened with managing complex tools to handle their most important compliance responsibilities, and in many cases lack the internal headcount to manage those tools with highly-trained expertise. Managed services can solve your security staffing and resource challenges by arming your team with security expertise to maintain optimal compliance. Managed service providers...
On-Demand Webinar

ATT&CKing the Center for Internet Security

From the Critical Security Controls to the Community Defense Model, CIS has provided plenty of mappings that show how knowledge from MITRE ATT&CK can be integrated with their offerings. Last year, CIS went a step further, integrating mappings from MITRE ATT&CK into their Benchmarks. This provides a wealth of information to defenders, but too much information can sometimes lead to information...
Guide

Getting in Control of Financial Services Cybersecurity Regulations

Organizations in the financial sector are all too aware that their industry continues to be one of the top targets for cyber criminals. Among financial services and insurance organizations, the leading cause of breaches is system intrusion. That’s why so many cybersecurity compliance regulations have sprung up to ensure systems are kept hardened against attack. This guide will cover the main...