Resources | Tripwire

Resources

Guide

Mind the Cybersecurity Gap: Why Compliance Isn't Enough

Every organization wants to be secure in the long term, but compliance might order them to focus on implementing certain safeguards within a short period. Given this situation, some organizations might elect to focus on compliance now and look at security later. This might involve designating budget for compliance before allocating additional funds for security at some point in the future. This...
Guide

Industrial Cybersecurity Experts Share 14 of Their Biggest Tips and Predictions

The task of building and running an effective cybersecurity program is a major challenge for any complex organization, but those in charge of industrial control systems (ICS) have even more to figure out than their strictly-IT counterparts. How can industrial organizations overcome the cybersecurity skills gap? What about the increasingly-difficult endeavor of bringing the IT and OT sides of the...
Guide

6 Expert Industrial Cybersecurity Tips for CISOs

Digital attacks are a growing concern for industrial control system (ICS) security professionals. In a 2019 survey conducted by Dimensional Research, 88 percent of respondents told Tripwire that they were concerned about the threat of a digital attack. An even greater percentage (93 percent) attributed their concerns to the possibility of an attack producing a shutdown or downtime. Other survey...
Guide

The Industrial Control System (ICS) Visibility Imperative

The rapid convergence of IT and OT systems can leave even the most cybersecurity-mature organizations exposed. Industrial security teams are under-reacting to new cyberthreats, and legacy operational technology simply wasn’t built to handle the risks incurred by connecting to IT systems. The main issue is visibility: You can’t secure what you can’t see. Safety, productivity, and uptime are...
Guide

Implementing Cloud Security Best Practices

Cybersecurity professionals the world over share common cloud security concerns like risk management, configuration security, and cloud compliance. As organizations expand further into the cloud, there continues to be an influx of simple mistakes that can expose organizations to significant security, privacy, and regulatory risks. Tripwire partnered with Dimensional Research to understand what...
Guide

Industrial Cybersecurity is Essential

Don’t believe there are real cyberthreats to your operations network and control systems? Data shows otherwise. Better foundational industrial cybersecurity practices can help prevent disruption to your operations and financial risk to your bottom line.
Guide

5 Critical Steps: Complete Security Risk and Compliance Lifecycle for Government

Maintaining security and compliance in today’s ever-changing environment is a never-ending task. To manage that task, the most successful government organizations adopt a systematic approach that promotes continuous improvement. Tripwire is a leading provider of enterprise-class foundational controls for federal security, compliance, and IT operations. We listened to our customers to understand...
Guide

How Infosec Teams Can Overcome the Skills Gap

Does your organization have enough cybersecurity staff with a high level of expertise? If not, you’re not alone. The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83 percent of infosec personnel felt more overworked in 2020 than they did a year earlier. An even greater percentage (85 percent) stated that...
Guide

Succeeding as a Cybersecurity Leader in the New Decade

You and your security team have a lot on your plate. It’s crucial to keep your organization’s network protected by maintaining a security program that minimizes risk, and it’s you and your team’s responsibility to execute this. This effort has only become more complicated as we’ve entered into a new decade. With the dramatic shift to many of us working from home in 2020—and many organizations...
Guide

Federal Cybersecurity: Security Fundamentals for Federal Agencies

Cybersecurity experts are urging government agencies to protect their data with up-to-date, foundational security controls, and agencies are listening. But how can they determine where exactly to focus their efforts to maximize efficiency and ensure a strong security stance? This white paper details the four key components federal agencies need in order to establish and maintain a robust security...
Guide

Solid Foundations for Cloud Security: Houses Built on Sand or Rock

Moving mission critical applications to the cloud provides a whole host of benefits but it also means trusting cloud providers with key aspects of security and compliance. This paper provides tools you can use to evaluate the security and compliance offerings of cloud computing partners. It also describes how Tripwire’s solutions can be used to build and deploy a rock-solid security foundation for...
Guide

Foundational Controls Buyer's Guide

As your organization grows, your technology landscape becomes increasingly more sophisticated and complex. You need foundational controls to keep your organization secure, compliant and available. Foundational controls have proven to deliver a highly effective and efficient level of defense against the majority of real world attacks and provide the necessary foundation for dealing with more...
Guide

Visible Ops Security: Four-Phase Approach to FIM File Integrity and Change Management Security

While annual business plans focus on strategic initiatives designed to keep the enterprise competitive or to mitigate risk, it’s the day-to-day operations that consume the most time and resources. For many IT organizations, it seems that just keeping the computers running and the lights on occupies the majority of their time. What can you do to gain control? Control change. When you can...
Guide

Getting Up to Speed on GDPR

Search online for the phrase “data is the new oil” and you’ll see it’s used by (and attributed to) many people. Data is a precious and highly valuable commodity. Data is the fuel pumping through today’s digital business, powering communications and commerce. Organizations the world over are mining data to turn raw information into real insight—to drive sales and grow their business.
Guide

Governance, Risk, and Compliance

Governance, Risk & Compliance, or Generating Real Capability! How do we use GRC as a business enabler, and focus on the benefits it brings?
Guide

File Integrity Monitoring (FIM) Software Buyer's Guide

There’s a lot more to file integrity monitoring than simply detecting change. Although FIM is a common policy requirement, there are many FIM capabilities and processes you can elect to implement or not. These can vary from a simple “checkbox” compliance tool to the option to build an effective security and operational control. These decisions directly affect the value your organization gains from...
Guide

FISMA SI-7 Buyer's Guide

The FISMA SI-7 Buyer’s Guide focuses on one of the most difficult security controls agencies must adhere to: NIST 800-53 SI-7. Learn what solutions to look for.
Guide

5 File Integrity Monitoring (FIM) Myths and Misconceptions

File integrity monitoring (FIM) is the cybersecurity process that monitors and detects changes in your environment to alert you to threats and helps you remediate them. While monitoring environments for change sounds simple enough, there are plenty of misconceptions about how exactly FIM fits into a successful cybersecurity program. It’s essential to address those common myths now so that...
Guide

Five Tips for NERC CIP Audits

Meeting NERC CIP compliance is a challenge that keeps industrial controls systems (ICS) operators up at night. If organizations fail their audits, the NERC organization can levy large fines and require that extensive remediation work be done to bring systems back into compliance, leading to lost productivity and revenue. NERC (North American Electric Reliability Corporation), a part of ERO,...