As global privacy requirements evolve, many information security professionals are called upon to enhance or lead information privacy programs. While this transition may seem like a natural progression, I learned five important lessons when I moved from a focus on security and audit to the field of information privacy.What Constitutes PII? Understanding PII is essential to your team's success....

For all the tremendous opportunities that the digitization of business operations has unlocked, there are also complex security and data privacy challenges that organizations have to navigate. In the interests of business privacy and security, legislation exists to hold organizations and policymakers to account. None are perhaps more influential and necessary than the EU’s General Data Protection...

Ransomware is no longer in its heyday. Evolving, AI-driven cybersecurity tools and global law enforcement efforts have seen to that. But that doesn’t mean ransomware is no longer a threat. In fact, in some ways, the danger is greater than ever. While ransomware attacks are less common than they used to be, the consequences of those that succeed are more severe. Earlier this year, the Ponemon...

Compliance is a “ticket to entry” for businesses today, and information security risk management (ISRM) makes sure organizations hang on to their ticket. In this blog, we’ll review how ISRM helps organizations not only get compliant but stay compliant.And how Tripwire makes that process automatic.Compliance is a Core Cost of Doing Business TodayWithout adhering to industry-standard data privacy...

Cybersecurity threats are no longer a matter of "if" but "when." While companies invest heavily in technical defenses, one important aspect often gets overlooked — communication.How an organization communicates during a cybersecurity incident determines the speed and effectiveness of its response, as well as the level of trust it maintains with stakeholders.Here, we’ll walk through the...

Over the past few years, many countries have made considerable efforts to bolster cybersecurity preparedness. These efforts are understandable when put into a geopolitical context: global relationships in the past five years have been among the most tumultuous in decades, cybersecurity threats are more sophisticated than ever, and the world is increasingly reliant on digital technologies.However,...

Federal Desktop Core Configuration (FDCC) was mandated by the US Office of Management and Budget (OMB) in 2007 and provides a set of security standards that must be adhered to by all federal workstations and laptops running Windows XP or Vista.FDCC evolved into the United States Government Configuration Baseline (USGCB) starting in 2010, although some agencies and contracts may still be under...

Protecting individual privacy is paramount, given the proliferation of Personally Identifiable Information (PII) and other sensitive data collected by enterprises across all industries. One way to protect sensitive data is through PII masking e.g., consistently changing names or including only the last four digits of a credit card or Social Security Number.What is data masking?Data masking...

It is a significant benefit that the world is connected the way it is, with the potential for even greater interconnectivity. However, this has come at huge costs, too, considering the rise in the direct involvement of state actors engaged in cyber warfare. Against this background, nations have a more acute awareness of digital vulnerabilities, which has radiated into regulatory frameworks...

Protecting sensitive patient information is more critical than ever. With technologies evolving at a breakneck pace and the number of cyber threats targeting healthcare entities in the United States skyrocketing, healthcare organizations must have robust policies and guardrails in place to ensure patients' confidential information doesn't fall into the wrong hands.One of the essential frameworks...

IntroductionIn a report published by Statista, cybercrime cost the world over $9 trillion in 2024 and is predicted to rise to nearly $14 trillion by 2028. These figures are a deep source of worry for governments and private businesses about what’s next in the cyber threat landscape.The problem is that cyber threats are rising in both volume and scale. More so, the major threats are directed at...

Critical infrastructure organizations bear an enormous responsibility. The assets, systems, and networks they manage are crucial to the functioning of a healthy society. They provide water, energy, transportation, healthcare, telecommunications, and more—should they fail, they would bring entire countries to their knees.The vast importance of Critical National Infrastructure (CNI) makes it a prime...

Abu Dhabi is boosting its healthcare system with the introduction of the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS). This initiative, driven by the Department of Health—Abu Dhabi (DoH)—has been put in place to protect sensitive healthcare data, improve cybersecurity resilience, and keep healthcare services running smoothly.At a time when cyber threats are skyrocketing in...

The latest version of the CIS Controls was released in June 2024. The new version, 8.1, introduces some minor updates via design principles.ContextNew asset classes are updated to better match the specific parts of an enterprise’s infrastructure that each Safeguard applies to. New classes require new definitions, so CIS has also enhanced the descriptions of several Safeguards for greater detail,...

Late last year, Australia’s Cyber Security Act 2024 received Royal Assent and became Law. It was a huge moment for cybersecurity legislation in Australia, serving as the country’s first-ever standalone cybersecurity law, addressing key legislative gaps, and bringing the country in line with international best practices. But what’s included in the Act? And what does it mean for businesses? Keep...

Since 2008, the CIS Controls have been through many iterations of refinement and improvement leading up to what we are presented with today in CIS Controls version 8.1.CIS Controls reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, and individuals). The controls reflect consideration by people in many different roles, such as threat analysts,...

In today’s dynamic IT environments, securing and maintaining the integrity of your systems is critical. Fortra’s Tripwire Enterprise is a robust tool designed to help organizations ensure compliance and security by continuously monitoring the configuration and behavior of their IT assets.When deploying Tripwire, a common question arises: should you prioritize monitoring applications, operating...

Today, I will be going over Control 2 from version 8.1 of the top 18 CIS Controls – Inventory and Control of Software Assets. I will go over the seven safeguards and offer my thoughts on what I’ve found.Key Takeaways for Control 2Reusability. The tools that were mentioned in Control 1 will be used in Control 2 as well. Reusing tools that accomplish goals for both Controls 1 and 2 can help cut...

Key Takeaways for Control 3At the heart of a strong data management plan is awareness surrounding the 'Five Ws' of the enterprise's data:What data does the enterprise store or handle?Who should have access to it?Where is it stored or accessed?When should it be deleted?Why does it need protection?A comprehensive data management plan incorporates the answers to these questions with policy decisions...

Data breaches continue to cost organizations millions of dollars each year, with costs rising steadily. According to IBM's 2024 Cost of a Data Breach Report, the average cost of a data breach has surged to $4.88 million globally, reflecting the increasing complexity and sophistication of cyberattacks. In the United States, this figure is even higher, averaging $9.8 million per breach, and the...