Resources

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program. While these cybersecurity...

Blog

Resolving Top Security Misconfigurations: What you need to know

By Jeff Moline on Mon, 01/22/2024

Image One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into...

Blog

General Data Protection Regulation (GDPR) – The Story So Far

By Gary Hibberd on Tue, 09/19/2023

Image Do you remember where you were on 25th May 2018? Perhaps you were enjoying a Friday night drink with friends. Perhaps you were with family, relaxing after a busy week at work. I was actually having a GDPR Birthday party with friends and colleagues because 25th May 2018 was a landmark day for the world of Data Protection (yes,...

Guide

How Managed Services Can Help With Cybersecurity Compliance

Organizations are often overburdened with managing complex tools to handle their most important compliance responsibilities, and in many cases lack the internal headcount to manage those tools with highly-trained expertise. Managed services can solve your security staffing and resource challenges by arming your team with security expertise to maintain optimal compliance. ...

Compliance

CIS Controls

FISMA

GDPR

HIPAA

NERC CIP

NIST

PCI DSS

SOX

Guide

Getting in Control of Financial Services Cybersecurity Regulations

Organizations in the financial sector are all too aware that their industry continues to be one of the top targets for cyber criminals. Among financial services and insurance organizations, the leading cause of breaches is system intrusion. That’s why so many cybersecurity compliance regulations have sprung up to ensure systems are kept hardened against attack. This guide will...

Blog

Shifting Left with SAST, DAST, and SCA: Advanced Best Practices

By Tripwire Guest Authors on Thu, 10/20/2022

Image In the past, teams incorporated security testing far after the development stage of the Software Development Lifecycle (SDLC). Security testing would influence whether the application would to proceed to production, or get passed back to the developers for remediation. This process caused delays while teams worked on...

Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s...

Compliance

CIS Controls

FISMA

GDPR

HIPAA

NIST

PCI DSS

Guide

Getting Up to Speed on GDPR

Search online for the phrase “data is the new oil” and you’ll see it’s used by (and attributed to) many people. Data is a precious and highly valuable commodity. Data is the fuel pumping through today’s digital business, powering communications and commerce. Organizations the world over are mining data to turn raw information into real insight—to drive sales and grow their...

Guide

The Executive's Guide to the CIS Controls

See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber attack vectors. This publication was designed to assist executives by providing guidance for implementing broad baseline technical controls that are required to ensure a robust network security posture. In this guide, we will cover a wide...

Blog

CIS Control 18 Penetration Testing

By Matthew Jerzewski on Wed, 05/11/2022

Image Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a...

Blog

CIS Control 17: Incident Response Management

By Tyler Reguly on Wed, 04/27/2022

Image We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not...

Blog

CIS Control 16 Application Software Security

By Matthew Jerzewski on Wed, 04/20/2022

Image The way in which we interact with applications has changed dramatically over years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations...

Blog

CIS Control 15: Service Provider Management

By Matthew Jerzewski on Wed, 02/23/2022

Image Enterprises today rely on partners and vendors to help manage their data. Some companies depend on third-party infrastructure for day-to-day operations, so understanding the regulations and protection standards that a service provider is promising to uphold is very important. Key Takeaways from Control 15 Identify your...

Blog

How to Fulfill Multiple Compliance Objectives Using the CIS Controls

By David Bisson on Tue, 01/18/2022

Image Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with...

Blog

CIS Control 14: Security Awareness and Skill Training

By Andrew Swoboda on Wed, 12/08/2021

Image Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users to...

Blog

CIS Control 13: Network Monitoring and Defense

By Lane Thames on Wed, 12/01/2021

Image Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks. Key Takeaways for Control 13 Enterprises...

Blog

CIS Control 12: Network Infrastructure Management

By Lane Thames on Wed, 11/24/2021

Image Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately,...

Blog

CIS Control 11: Data Recovery

Wed, 11/03/2021

Image Data loss can be a consequence of a variety of factors from malicious ransomware to hardware failures and even natural disasters. Regardless of the reason for data loss, we need to be able to restore our data. A data recovery plan begins with prioritizing our data, protecting it while it is being stored, and having a plan to...

Blog

CIS Control 10: Malware Defenses

By Tyler Reguly on Wed, 10/27/2021

Image With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that...

Blog

CIS Control 09: Email and Web Browser Protections

By Andrew Swoboda on Wed, 10/20/2021

Image Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with...

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Resolving Top Security Misconfigurations: What you need to know

General Data Protection Regulation (GDPR) – The Story So Far

How Managed Services Can Help With Cybersecurity Compliance

Getting in Control of Financial Services Cybersecurity Regulations

Shifting Left with SAST, DAST, and SCA: Advanced Best Practices

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

Getting Up to Speed on GDPR

The Executive's Guide to the CIS Controls

CIS Control 18 Penetration Testing

CIS Control 17: Incident Response Management

CIS Control 16 Application Software Security

CIS Control 15: Service Provider Management

How to Fulfill Multiple Compliance Objectives Using the CIS Controls

CIS Control 14: Security Awareness and Skill Training

CIS Control 13: Network Monitoring and Defense

CIS Control 12: Network Infrastructure Management

CIS Control 11: Data Recovery

CIS Control 10: Malware Defenses

CIS Control 09: Email and Web Browser Protections

Contact Information

Privacy Policy

Cookie Policy

Impressum