Adhering to the ever-tightening letter of the law is the cost of doing business these days, and for many companies caught in the crosshairs, that cost is getting too high.New research by Bridewell Consulting revealed that 44% of all financial services institutions in the UK listed compliance as the top cybersecurity challenge their organizations currently face. And it may be no surprise as many...

Compliance is a “ticket to entry” for businesses today, and information security risk management (ISRM) makes sure organizations hang on to their ticket. In this blog, we’ll review how ISRM helps organizations not only get compliant but stay compliant.And how Tripwire makes that process automatic.Compliance is a Core Cost of Doing Business TodayWithout adhering to industry-standard data privacy...

The Monetary Authority of Singapore (MAS) is both the central bank and chief financial regulator of Singapore. As such, they publish best practices (“Guidelines”) and legally binding regulations (“Notices”) regarding technology risk management and cyber hygiene. Mandatory requirements include:Notice on Technology Risk Management (FSM N21)Notice on Cyber Hygiene (FSM N22)Notice on Management of...

The Verizon 2023 Data Breach Investigations Report made a startling revelation: Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats, common web attacks like credential stuffing and SQL injection continue to wreak havoc on the cybersecurity landscape—just like phishing and emerging AI-based attacks—and for good...

Critical infrastructure organizations bear an enormous responsibility. The assets, systems, and networks they manage are crucial to the functioning of a healthy society. They provide water, energy, transportation, healthcare, telecommunications, and more—should they fail, they would bring entire countries to their knees.The vast importance of Critical National Infrastructure (CNI) makes it a prime...

Technology is evolving at a startling pace, perhaps faster than ever before. Businesses are scrambling to reap the rewards of these technologies, especially AI. But do they recognize the cybersecurity risks associated with these changes? The World Economic Forum’s latest Global Risks Report suggests not. Digital Era, Digital ThreatsWe are truly living in the digital age. This brings many benefits....

In today’s dynamic IT environments, securing and maintaining the integrity of your systems is critical. Fortra’s Tripwire Enterprise is a robust tool designed to help organizations ensure compliance and security by continuously monitoring the configuration and behavior of their IT assets.When deploying Tripwire, a common question arises: should you prioritize monitoring applications, operating...

File Integrity Monitoring (FIM) is a key intelligence and audit tool in an advanced security portfolio. While it is a logical component to integrate into your Security Orchestration, Automation, and Response (SOAR) tooling, it’s important to consider your approach to ensure you can gain the most benefits from it.Classify FirstThe sensible starting place for your integration is to consider your FIM...

Security configuration management (SCM) is all about making sure your security systems do what you think they’re doing.In tennis, there is something called an unforced error. This is when a player loses points for a mistake they made themselves, not due to the skill of the other opponent. In a big way, security misconfigurations are those unforced errors on the security side or instances in which...

Integrity is a vital component of any cybersecurity policy, making up one-third of the CIA Triad. However, until recently, the industry has had a limited understanding of the term, using it primarily in the context of data security. Integrity means so much more than this principle alone: it impacts every facet of an information system and can drive an organization's entire security program...

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of...

In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA,...

What is File Integrity Monitoring?The IT ecosystems of enterprises are highly dynamic. Typically, organizations react to this volatility by investing in asset discovery and Security Configuration Management (SCM). These core controls enable businesses to compile an inventory of authorized devices and monitor the configurations of those assets. In...