Blog

Blog

Cloud Watching Report: Key Takeaways

The capabilities of cloud computing have changed the digital landscape significantly, and the popularity of cloud solutions only continues to increase. According to Gartner, the market for public cloud services is expected to surpass 700 billion USD by the end of 2024. The growth of cloud technologies presents a wealth of new opportunities for IT...
Blog

Closing Integrity Gaps with NIST CSF

The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF “The full maximum NIST...
Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood....
Blog

Getting started with Zero Trust: What you need to consider

Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which...
Blog

What the industry wants to improve on NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with...
Blog

Integrity Monitoring Use Cases: Compliance

What is File Integrity Monitoring? The IT ecosystems of enterprises are highly dynamic. Typically, organizations react to this volatility by investing in asset discovery and Security Configuration Management (SCM). These core controls enable businesses to compile an inventory of authorized devices and monitor the configurations of those assets. In...
Blog

Defense and Development: Key points from The Complete Guide to Application Security for PCI-DSS

The increasing popularity of online payment systems results from the world’s gradual transition to a cashless and contactless digital economy — an economy, projected in a recent Huawei white paper, to be worth $23 trillion by 2025. With digital commerce emerging as the largest segment in the projected $8.49 trillion global digital payments market in...
Blog

A 5 Step Checklist for Complying with PCI DSS 4.0

In March 2022, the Payment Card Industry Data Security Standard (PCI DSS) was updated with a number of new and modified requirements. Since their last update in 2018, there has been a rapid increase in the use of cloud technologies, contactless payments have become the norm, and the COVID-19 pandemic spurred a massive growth in e-commerce and online...
Blog

PCI 4.0: The wider meanings of the new Standard

The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs...
Blog

What you need to know about PCI 4.0: Requirements 10, 11 and 12

As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function...
Blog

What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9

In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update. Requirements 5 through 9 are organized under two categories: Maintain a Vulnerability...
Blog

What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.

The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems...
Blog

PCI DSS 4.0 and ISO 27001 – the dynamic duo

It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks. We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed...
Blog

PCI DSS 4.0 is Here: What you Need to Consider

The Payment Card Industry Data Security Standard (PCI DSS) is a benchmark with tenure in the industry, with the first version being introduced in 2004. The PCI DSS was unique when it was introduced because of its prescriptive nature and its focus on protecting cardholder data. Cybersecurity is a changing landscape, and prescriptive standards must be...
Blog

What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?

Cloud adoption has come a long way from its early days where corporate executives questioned the stewardship of their data. The initial suspicions of “where’s my data” have been laid to rest, as administrative tools and contractual obligations have emerged to give better visibility to, and accountability of, data custodianship. Even the capabilities...
Blog

How Achieving Compliance with PCI DSS Can Help Meet GDPR Mandates

Data security and privacy are today a prime focus for most organizations globally. While there have been several regulations and standards introduced to improve data security, the evolving landscape makes it challenging for organizations to stay compliant. For many organizations, GDPR and PCI DSS are the first topics that come to mind when privacy...
Blog

CIS Control 09: Email and Web Browser Protections

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A...
Blog

PCI DSS 4.0 Is Coming – Are You Ready?

Ransomware today is a billion-dollar industry. It’s crippled industries like healthcare. In 2017, for instance, WannaCry brought much of the United Kingdom’s National Health Service to its knees using the EternalBlue exploit. It was just a few weeks later when the NotPetya ransomware strain leveraged that same vulnerability to attack lots of...
Blog

Steps for PCI DSS Gap Analysis

Complying with Standards drawn by the Payment Card Industry Security Standards Council can be complicated and time-consuming. But, with a PCI DSS Gap Analysis, the process becomes a lot easier, streamlined, and less exhaustive. PCI Gap Analysis is the first step towards the Compliance process. The assessment provides details on your current security...
Blog

A Checklist for Preparing for Your Organization's Next PCI Audit

Organizations cannot afford to neglect their PCI compliance obligations. According to its website, PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re PCI...