Resources
Guide

Tripwire State of Industrial Cybersecurity Report

As news of cyberthreats targeting industrial environments like energy utilities and manufacturing plants continues to surface, Tripwire surveyed security professionals who work in these industries to understand how industrial organizations are protecting themselves. The survey findings revealed insights on the security professionals’ levels of concern, investment in cybersecurity, and how they are...
Cybersecurity
Industrial Control Systems
Guide

Physical Cybersecurity: ICS Attack Scenarios and CIP-007 R1

The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism. ...
Compliance
NERC CIP
Industrial Control Systems
Guide

PCI DSS and the CIS Controls

Benchmarks, Standards, Frameworks and Regulations: What’s the Difference? The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice based on experience, collaborated information, authorities and activities (best practices) which have proven effective. They...
Compliance
PCI DSS
Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NIST
PCI DSS
Guide

Industrial Cybersecurity Experts Share 14 of Their Biggest Tips and Predictions

The task of building and running an effective cybersecurity program is a major challenge for any complex organization, but those in charge of industrial control systems (ICS) have even more to figure out than their strictly-IT counterparts. How can industrial organizations overcome the cybersecurity skills gap? What about the increasingly-difficult endeavor of bringing the IT and OT sides of the...
Cybersecurity
Industrial Control Systems
Guide

6 Expert Industrial Cybersecurity Tips for CISOs

Digital attacks are a growing concern for industrial control system (ICS) security professionals. In a 2019 survey conducted by Dimensional Research, 88 percent of respondents told Tripwire that they were concerned about the threat of a digital attack. An even greater percentage (93 percent) attributed their concerns to the possibility of an attack producing a shutdown or downtime. Other survey...
Cybersecurity
Industrial Control Systems
Guide

The Industrial Control System (ICS) Visibility Imperative

The rapid convergence of IT and OT systems can leave even the most cybersecurity-mature organizations exposed. Industrial security teams are under-reacting to new cyberthreats, and legacy operational technology simply wasn’t built to handle the risks incurred by connecting to IT systems. The main issue is visibility: You can’t secure what you can’t see. Safety, productivity, and uptime are...
Industrial Control Systems
Guide

Industrial Cybersecurity is Essential

Don’t believe there are real cyberthreats to your operations network and control systems? Data shows otherwise. Better foundational industrial cybersecurity practices can help prevent disruption to your operations and financial risk to your bottom line. ...
Cybersecurity
Industrial Control Systems
Guide

Essential PCI DSS v4.0 Transition Checklist

The proliferation of online transactions isn’t the only reason the PCI Council created the new 4.0 standard. Recent years have also seen increasingly sophisticated methods among cybercriminals, a surge in cloud use, and the rise of contactless payments. This spurred the need for an updated set of PCI DSS requirements, which were released in March 2022 and will become mandatory in March 2024 for...
Compliance
PCI DSS
Guide

Defending Industrial Control Systems

Threats to Industrial Control Systems (ICS) are increasing—a reality that ICS-centric industries have begun to recognize. As a response to the growing need for protection from cyberattacks, the Department of Homeland Security (DHS), National Cybersecurity and Communications Integration Center (NCCIC) and the National Security Agency (NSA) have published Seven Steps to Effectively Defend Industrial...
Industrial Control Systems
Guide

Detailed Mapping of the Tripwire and CIS Controls

The goal of the Center for Internet Security Controls is to protect critical assets, infrastructure and information by strengthening your organization's defensive posture through continuous, automated protection and monitoring of your IT infrastructure. The strength of the Controls is that it reflects the combined knowledge of actual attacks and effective defenses from experts in many...
Industrial Control Systems
Navigating Industrial Cybersecurity Thumb
Guide

Navigating Industrial Cybersecurity: A Field Guide

Nearly every aspect of modern life depends on industrial control systems (ICS) operating as expected. As ICS devices become increasingly connected, they also become increasingly vulnerable. By and large, commercial and critical infrastructure industrial orgs are underprepared for the digital convergence of their IT and OT environments. ICS operators need to get a robust cybersecurity program in...
Cybersecurity
Industrial Control Systems
PCI 4.0: The wider meanings of the new Standard
Blog

PCI 4.0: The wider meanings of the new Standard

By David Bruce on Wed, 07/06/2022
The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance.  In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs from...
Compliance
PCI DSS
What you need to know about PCI 4.0: Requirements 10, 11 and 12
Blog

What you need to know about PCI 4.0: Requirements 10, 11 and 12

By David Bruce on Wed, 06/29/2022
As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function in...
Compliance
PCI DSS
What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9
Blog

What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9

By David Bruce on Wed, 06/22/2022
In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update. Requirements 5 through 9 are organized under two categories: Maintain a Vulnerability Management...
Compliance
PCI DSS
What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.
Blog

What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.

By David Bruce on Tue, 06/14/2022
The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018.  The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that.  This, of course, creates a couple of problems for...
Compliance
PCI DSS
Bridging the IT/OT gap with Tripwire’s Industrial Solutions
Blog

Bridging the IT/OT gap with Tripwire’s Industrial Solutions

By Zane Blomgren on Tue, 06/07/2022
Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. The reasons include newly internet-connected devices that were once...
Industrial Control Systems
ICS Security in Healthcare: Why Software Vulnerabilities Pose a Threat to Patient Safety
Blog

ICS Security in Healthcare: Why Software Vulnerabilities Pose a Threat to Patient Safety

By Tripwire Guest Authors on Mon, 05/30/2022
The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020 more than 18 million patient records were affected by successful cyber-attacks on the U.S. healthcare system. Health professionals should not take this issue lightly, as financial...
Industrial Control Systems
Dynamic Duo
Blog

PCI DSS 4.0 and ISO 27001 – the dynamic duo

By Tripwire Guest Authors on Wed, 04/27/2022
It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks. We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed by...
Compliance
PCI DSS
PCI DSS 4.0 is Here: What you Need to Consider
Blog

PCI DSS 4.0 is Here: What you Need to Consider

By David Bruce on Tue, 04/26/2022
The Payment Card Industry Data Security Standard (PCI DSS) is a benchmark with tenure in the industry, with the first version being introduced in 2004. The PCI DSS was unique when it was introduced because of its prescriptive nature and its focus on protecting cardholder data. Cybersecurity is a changing landscape, and prescriptive standards must be...
Compliance
PCI DSS