Blog

Blog

Advanced Tips for Leveraging the NIST Cybersecurity Framework for Compliance

Depending on the industry, location, and business operations of your organization, you may have any number of cybersecurity regulations to comply with. Keeping track of each law that affects your organization and the various requirements associated with them can be overwhelming, but the consequences of noncompliance are often far worse.While diligent adherence to regulatory requirements is not a...
Blog

The Role of the NIST CSF in Cyber Resilience

Resilience is one of the hottest topics of the moment, but for good reason. For most organizations, suffering a cyberattack is a matter of when, not if. Attackers are, lamentably, always one step ahead of defenders and, as such, responding to an attack and maintaining business operations have become arguably more important than protecting an organization in the first place. The NIST Cybersecurity...
Blog

Aligning Your Cybersecurity Strategy with the NIST CSF 2.0

So, you're considering integrating the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework) into your cybersecurity practices. Congratulations! You've taken the first step toward improving your organization's cybersecurity posture.However, you may need clarification about the best approach to aligning your cybersecurity practices with the NIST CSF. This process can...
Blog

Understanding Managed Service Providers (MSPs): Choosing the Right Provider

The demand for robust security, transparency, and accountability is at an all-time high, and many businesses are relying on managed service providers (MSPs) to manage their IT infrastructure, ensure data security, or provide seamless operational support. Concurrently, MSPs must continuously innovate and differentiate their offerings to meet the growing needs of businesses.The wide range of MSPs...
Blog

Exploring the Impact of NIST SP 800-53 on Federal IT Systems

NIST SP 800-53 is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines and best practices for securing federal information systems and protecting the privacy of individuals whose information these systems handle.The Special Publication has gone by several different names. NIST initially released Special Publication 800-53 in 2005 under the...
Blog

Updates and Evolution of the NIST Cybersecurity Framework: What’s New?

The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.Since Version 1.0’s...
Blog

The Impact of NIST SP 800-171 on SMBs

From more broad laws like GDPR to industry-specific regulations like HIPAA, most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated. National Institute...
Blog

Managed Cybersecurity Services Secure Modern Environments

In an era characterized by relentless digital transformation and interconnectedness, cybersecurity has evolved into a complex and dynamic battleground. Businesses, governments, and individuals find themselves locked in a perpetual struggle against a relentless flood of evolving threats. From sophisticated cybercriminal syndicates to state-sponsored...
Blog

Resolving Top Security Misconfigurations: What you need to know

One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. ...
Blog

NIST CSF 2.0: What you need to know

Organizations looking to protect their sensitive data and assets against cyberattacks may lack the ability to build a cybersecurity strategy without any structured help. The National Institute of Standards and Technology (NIST) has a free, public framework to help any organization mature its IT security posture. Recently, the institute published an...
Blog

How MSSPs Help with Cybersecurity Compliance

While always a part of business, compliance demands have skyrocketed as the digital world gives us so many more ways to go awry. We all remember the Enron scandal that precipitated the Sarbanes-Oxley Act (SOX). Now, SOX compliance means being above board on a number of cybersecurity requirements as well. Fortra's Tripwire recently released a new...
Blog

Closing Integrity Gaps with NIST CSF

The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF “The full maximum NIST...
Blog

Increasing Your Business’ Cyber Maturity with Fortra

When building a tower, it helps to start with a sturdy foundation. Cyber maturity is the tower, and there are three levels that build it: Foundational IT/OT & Security Control Processes Fundamental Security Control Capabilities Advanced Security Control Capabilities Fortra occupies a unique space in the industry because of the sheer size of...
Blog

General Data Protection Regulation (GDPR) – The Story So Far

Do you remember where you were on 25th May 2018? Perhaps you were enjoying a Friday night drink with friends. Perhaps you were with family, relaxing after a busy week at work. I was actually having a GDPR Birthday party with friends and colleagues because 25th May 2018 was a landmark day for the world of Data Protection (yes, seriously, we had a...
Blog

Working with a Reliable Partner for Cybersecurity Success

Technology companies are often seen as revolving doors of constantly shifting personnel. Whether they are seeking a better work environment or chasing a higher paycheck, these staff changes can hurt an organization’s progress. Worse yet, the customers are often negatively impacted by these changes in the continuity of established relationships. At...
Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood....
Blog

Getting started with Zero Trust: What you need to consider

Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which...
Blog

What the industry wants to improve on NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with...
Blog

Managed Vulnerability Management? Yes, You Read That Right

The importance of a mature vulnerability management program can’t be overstated. File integrity monitoring (FIM) and security configuration management (SCM) might be the bedrock of a strong cybersecurity program, but they can only go so far. Scanning for vulnerabilities needs to be a foundational part of your program, too. The Center for Internet...