Resources
Guide

Sustaining SOX Compliance Through Automation Using COBIT Framework

Achieving compliance with the Sarbanes-Oxley Act (SOX) can be a monumental effort. Maintaining those controls and audit reporting on an ongoing basis can be even more difficult. The SEC recommends automated controls for more efficient and effective compliance results. This white paper details the SOX requirements that are best addressed by automated controls using the COBIT framework in two core...
Compliance
SOX
Guide

PCI DSS and the CIS Controls

Benchmarks, Standards, Frameworks and Regulations: What’s the Difference? The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice based on experience, collaborated information, authorities and activities (best practices) which have proven effective. They...
Compliance
PCI DSS
Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NIST
PCI DSS
Guide

Essential PCI DSS v4.0 Transition Checklist

The proliferation of online transactions isn’t the only reason the PCI Council created the new 4.0 standard. Recent years have also seen increasingly sophisticated methods among cybercriminals, a surge in cloud use, and the rise of contactless payments. This spurred the need for an updated set of PCI DSS requirements, which were released in March 2022 and will become mandatory in March 2024 for...
Compliance
PCI DSS
Guide

Actionable Threat Intelligence: Automated IoC Matching with Tripwire

A key security challenge is finding and rooting out malware that has already become embedded on key assets. Organizations today have myriad threat intelligence sources to leverage. However, simply getting the intelligence into your organization is not enough. Unless you have a way to operationalize myriad threat intelligence sources to make it actionable and useful, threat intelligence just...
Incident Detection & Investigation
Datasheet

Tripwire ExpertOps and SOX

The Sarbanes-Oxley Act (SOX) requires all publicly held companies to establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud. SOX is not specific on the types of controls that are required, but points to the COBIT framework to provide organizations’ guidance on their IT governance. The Challenge Change is ever occurring in your systems...
Compliance
SOX
Datasheet

Tripwire ExpertOps and NIST 800-171

Federal security managers expect that most federally run systems are actively engaging with FISMA compliance for protecting federal data and systems. However, as we all know, federal information does not remain only in federally operated systems. Data and IT systems connect via the Internet and other networks for business, operations and research. Information about citizens, banking and finance,...
Compliance
NIST
Datasheet

Tripwire ExpertOps and PCI

The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that process credit card payments, secure the cardholder environment to prevent credit card fraud, cyber threats and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting and storing credit card data to minimize the theft,...
Compliance
PCI DSS
Datasheet

Tripwire Resident Engineers

The cybersecurity skills gap can leave many organizations without adequate staffing for the operation of their security tools. High turnover rates can also cause an organization to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote...
Compliance
NERC CIP
NIST
PCI DSS
SOX
Datasheet

Tripwire Resident Engineers for Federal Agencies

The cybersecurity skills gap leaves Federal agencies without adequate staffing for the operation of their security tools. High turnover rates can also cause agencies to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote work...
Compliance
NERC CIP
NIST
Datasheet

Tripwire’s Solutions for Automated, Continuous PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that process credit card payments secure the cardholder environment to prevent credit card fraud, cyber threats, and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting, and storing credit card data to minimize the theft,...
Compliance
PCI DSS
Datasheet

Improving your Cybersecurity Posture with the NIST Cybersecurity Framework

There isn’t an industry that hasn’t been affected by cyber threats, and the broadcast industry is no exception. In April 2015, France’s TV5Monde was attacked, resulting in eleven of its channels going dark and its social media outlets commandeered to display pro-Islamic State messages. This was preceded by an attack on WBOC in Salisbury, Maryland, where their Twitter account and website were...
Compliance
NIST
Datasheet

Maintaining the Security and Integrity of Electronic Health Record Systems

The value of electronic health record (EHR) systems is immense. These digital records are designed to be available anytime and anywhere, connecting healthcare providers with patient data. EHRs are a central repository of patient medical histories, medications, diagnoses, immunization dates, allergies, lab results and radiology images. With access to this accurate patient information, providers can...
Compliance
HIPAA
NIST
Datasheet

10 Ways Tripwire Outperforms Other Cybersecurity Solutions

As a security professional, you’re tasked with protecting your organization against attacks, detecting threats, identifying vulnerabilities and hardening configurations. But in an increasingly crowded marketplace, how do you choose the right cybersecurity partner? From experience and technical innovation to security expertise, Fortra's Tripwire stands out from the competition. Here are 10 reasons...
Vulnerability & Risk Management
Incident Detection & Investigation
IT Security Operations & Asset Discovery
Security Configuration Management
Case Study

Payment Processor for Businesses

As a recognized leader in the payment processing sector, this company offers its clients hundreds of secure payment methods across multiple platforms, around the globe. Onan average day it processes tens of millions of mobile, online and in-store transactions in 100+ currencies. After experiencing a security incident that was quickly contained, the company took the opportunity to revamp its...
Compliance
PCI DSS
PCI 4.0: The wider meanings of the new Standard
Blog

PCI 4.0: The wider meanings of the new Standard

By David Bruce on Wed, 07/06/2022
The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance.  In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs from...
Compliance
PCI DSS
What you need to know about PCI 4.0: Requirements 10, 11 and 12
Blog

What you need to know about PCI 4.0: Requirements 10, 11 and 12

By David Bruce on Wed, 06/29/2022
As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function in...
Compliance
PCI DSS
What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9
Blog

What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9

By David Bruce on Wed, 06/22/2022
In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update. Requirements 5 through 9 are organized under two categories: Maintain a Vulnerability Management...
Compliance
PCI DSS
What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.
Blog

What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.

By David Bruce on Tue, 06/14/2022
The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018.  The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that.  This, of course, creates a couple of problems for...
Compliance
PCI DSS
Dynamic Duo
Blog

PCI DSS 4.0 and ISO 27001 – the dynamic duo

By Tripwire Guest Authors on Wed, 04/27/2022
It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks. We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed by...
Compliance
PCI DSS