Blog
Defense and Development: Key points from The Complete Guide to Application Security for PCI-DSS
By Tripwire Guest Authors on Wed, 08/31/2022
The increasing popularity of online payment systems results from the world’s gradual transition to a cashless and contactless digital economy — an economy, projected in a recent Huawei white paper, to be worth $23 trillion by 2025. With digital commerce emerging as the largest segment in the projected $8.49 trillion global digital payments market in 2022, it’s not surprising that businesses are...
Blog
A 5 Step Checklist for Complying with PCI DSS 4.0
By Tripwire Guest Authors on Mon, 08/15/2022
In March 2022, the Payment Card Industry Data Security Standard (PCI DSS) was updated with a number of new and modified requirements . Since their last update in 2018, there has been a rapid increase in the use of cloud technologies, contactless payments have become the norm, and the COVID-19 pandemic spurred a massive growth in e-commerce and online payments. At the same time, cybercriminals have...
Product Video
AAA: Getting Roadside Assistance from Tripwire
Mon, 08/15/2022
Tim Masey, Director of Enterprise Information Security at AAA, shared his company’s PCI journey: beginning with a small implementation of Tripwire, then running into roadblocks by Management for the expansion of products, and eventually moving forward with the implementation of Tripwire’s policy driven dashboards, rules and tasks for over 500 servers.
Guide
How Finance Companies Bank on Tripwire ExpertOps
Finance companies opt for managed services to stay compliant, bolster overburdened security teams, and get ongoing support in keeping their data safe from damaging breaches. The finance sector regularly finds itself on the front lines of emerging attack techniques; attackers commonly search for edge vulnerabilities and test new malware variations against financial systems. However, most breaches...
Guide
PCI DSS and the CIS Controls
Benchmarks, Standards, Frameworks and Regulations: What’s the Difference? The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice based on experience, collaborated information, authorities and activities (best practices) which have proven effective. They...
Guide
Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls
The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Guide
How Infosec Teams Can Overcome the Skills Gap
Does your organization have enough cybersecurity staff with a high level of expertise? If not, you’re not alone. The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83 percent of infosec personnel felt more overworked in 2020 than they did a year earlier. An even greater percentage (85 percent) stated that...
Guide
Essential PCI DSS v4.0 Transition Checklist
The proliferation of online transactions isn’t the only reason the PCI Council created the new 4.0 standard. Recent years have also seen increasingly sophisticated methods among cybercriminals, a surge in cloud use, and the rise of contactless payments. This spurred the need for an updated set of PCI DSS requirements, which were released in March 2022 and will become mandatory in March 2024 for...
Guide
Communicating Cybersecurity to Boards and Executives: A Workbook to Help Build Cybersecurity Literacy
We’ve all heard, “it’s not a matter of if you’ll be breached, but when.” If a breach occurs, is your organization prepared to detect it quickly? Now more than ever, corporate executives and boards are asking for assurance that the organization and its sensitive data is adequately protected. This cybersecurity self-assessment is derived from the Cyber-Risk and Oversight Handbook developed by the...
Datasheet
Tripwire ExpertOps
Many IT teams are facing challenging skills gaps or struggling with optimizing their cybersecurity software. It might be that your team is too small for their responsibilities, or that you’re finding it difficult to attract, train, and retain talent. Turnover is a common problem, with organizations and agencies often losing skilled individuals to new opportunities. Fortunately, strategically...
Datasheet
Tripwire ExpertOps and NIST 800-171
Federal security managers expect that most federally run systems are actively engaging with FISMA compliance for protecting federal data and systems. However, as we all know, federal information does not remain only in federally operated systems. Data and IT systems connect via the Internet and other networks for business, operations and research. Information about citizens, banking and finance...
Datasheet
Tripwire ExpertOps and PCI
The Payment Card Industry Data Security Standard ( PCI DSS ) was created to help organizations that process credit card payments, secure the cardholder environment to prevent credit card fraud, cyber threats and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting and storing credit card data to minimize the theft...
Datasheet
Tripwire Resident Engineers
The cybersecurity skills gap can leave many organizations without adequate staffing for the operation of their security tools. High turnover rates can also cause an organization to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote...
Datasheet
Tripwire Resident Engineers for Federal Agencies
The cybersecurity skills gap leaves Federal agencies without adequate staffing for the operation of their security tools. High turnover rates can also cause agencies to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote work...
Datasheet
Tripwire’s Solutions for Automated, Continuous PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that process credit card payments secure the cardholder environment to prevent credit card fraud, cyber threats, and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting, and storing credit card data to minimize the theft...
Datasheet
Improving your Cybersecurity Posture with the NIST Cybersecurity Framework
There isn’t an industry that hasn’t been affected by cyber threats, and the broadcast industry is no exception. In April 2015, France’s TV5Monde was attacked, resulting in eleven of its channels going dark and its social media outlets commandeered to display pro-Islamic State messages. This was preceded by an attack on WBOC in Salisbury, Maryland, where their Twitter account and website were...
Datasheet
Maintaining the Security and Integrity of Electronic Health Record Systems
The value of electronic health record (EHR) systems is immense. These digital records are designed to be available anytime and anywhere, connecting healthcare providers with patient data. EHRs are a central repository of patient medical histories, medications, diagnoses, immunization dates, allergies, lab results and radiology images. With access to this accurate patient information, providers can...
Case Study
Payment Processor for Businesses
As a recognized leader in the payment processing sector, this company offers its clients hundreds of secure payment methods across multiple platforms, around the globe. Onan average day it processes tens of millions of mobile, online and in-store transactions in 100+ currencies. After experiencing a security incident that was quickly contained, the company took the opportunity to revamp its entire...
Blog
PCI 4.0: The wider meanings of the new Standard
By David Bruce on Wed, 07/06/2022
The new PCI DSS Standard, version 4.0 , contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs from the previous version, we examined some of the...