tripwire.com /state-of-security
Blog | Tripwire
Static Web Parser

 


Blog

IT Security Terms: Regulations, Standards, Controls, Frameworks, and Policies - Where to Start!?

By PJ Bradley on Tue, 11/12/2024
When tasked with the IT security of an organization, it can be easy to get bogged down in particulars and definitions and lose heart before you’ve even begun. With a plethora of terms to learn, details to secure, and moving parts to keep track of, building an effective cybersecurity strategy is no simple task. It requires a great deal of effort, planning, and coordination.Security is a crucial...
Cybersecurity
Compliance
Blog

Breaking Compliance into Bite-Sized Portions

By Antonio Sanchez on Wed, 06/12/2024
Many companies strive to achieve the best security possible. Along the path to improved security, many companies are also required to meet various compliance standards. In some cases, compliance is also a regulatory requirement. This crossroad between security and compliance can sometimes seem at odds with the organization’s goals. Compliance does not...
Cybersecurity
Compliance
Blog

Breaking Compliance into Bite-Sized Portions

By Antonio Sanchez on Wed, 06/12/2024
Many companies strive to achieve the best security possible. Along the path to improved security, many companies are also required to meet various compliance standards. In some cases, compliance is also a regulatory requirement. This crossroad between security and compliance can sometimes seem at odds with the organization’s goals. Compliance does...
Cybersecurity
Compliance
Blog

The Overlooked Danger Within: Managing Insider Threats

By Antonio Sanchez on Mon, 11/25/2024
When we think about cybersecurity, we think of malicious actors constantly devising new ways to breach our defenses. While this is critical, it's equally important to understand that another menace can be sitting down the hall. The risk of insider attacks is significant and should not be overlooked.These attacks have floored businesses of all sizes and in various industries, frequently with dire...
Cybersecurity
Compliance
File Integrity & Change Monitoring
Security Configuration Management
Blog

Five Challenges of National Information Assurance and How to Overcome Them

By Christy Cherian on Tue, 10/15/2024
The National Information Assurance (NIA) Policy is a framework for offering organizations a foundation for information security management. It was designed and developed to aid organizations with the necessary steps to ensure information security, from assessing and classifying risk to choosing and implementing controls for mitigation.The NIA policy provides businesses with guidelines to support...
Cybersecurity
Compliance
Security Configuration Management
Blog

CIS Control 12: Network Infrastructure Management

By Matthew Jerzewski on Wed, 11/20/2024
Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default”...
Compliance
CIS Controls
Blog

CIS Control 13: Network Monitoring and Defense

By Matthew Jerzewski on Wed, 11/13/2024
Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks.Key Takeaways for Control 13Enterprises should understand that their systems and networks are never perfectly...
Compliance
CIS Controls
Blog

Creating a Real-Time USB Monitoring Rule for Enhanced Security and Compliance

By Paul Stewart on Mon, 11/11/2024
In today's cybersecurity landscape, controlling access to USB drives is critical, particularly for organizations looking to maintain compliance with regulations like NERC CIP and bolster their security posture. Unauthorized USB usage poses significant risks, from data exfiltration to malware injection. However, restricting USB access entirely isn't always practical. Instead, organizations can...
Cybersecurity
Compliance
Blog

Understanding SOX Requirements for IT and Cybersecurity Auditors

By John Salmi on Wed, 10/30/2024
The Sarbanes-Oxley Act (SOX) is a United States federal law that aims to enhance corporate transparency and accountability. Signed into law on July 30th, 2002, the Act came in response to a slew of major corporate accounting scandals, including those involving Enron and WorldCom, that came to light in the early 2000s.Its primary aim is to enhance corporate transparency and accountability, ensuring...
Compliance
SOX
Blog

5 Things to Learn About COBIT

By John Salmi on Mon, 10/28/2024
You can’t do large-scale business in 2024 without having a successful, well-run IT infrastructure. Arguably, it’s difficult to do any sort of business well (large or small) without tuning your IT capabilities to your business objectives. This allows them to work as one, not against each other.COBIT is a framework created by ISACA (International Systems Audit and Control Association) to do this...
Cybersecurity
Compliance
Blog

CIS Control 15: Service Provider Management

By Matthew Jerzewski on Tue, 10/29/2024
Enterprises today rely on partners and vendors to help manage their data. Some companies depend on third-party infrastructure for day-to-day operations, so understanding the regulations and protection standards that a service provider is promising to uphold is very important.Key Takeaways from Control 15Identify your business needs and create a set of standards that can be used to grade service...
Compliance
CIS Controls
Blog

What's New with the TSA’s Oil and Gas Security Directives?

By Michael Betti on Tue, 10/29/2024
In recent years, the security of the United States' critical infrastructure has become a pressing concern, particularly in the oil and gas sector, due to its pivotal role in the nation's economy and energy supply. Recognizing this, the Transportation Security Administration (TSA) implements several new directives in July each year aimed at enhancing the security and resilience of vital energy...
Compliance
Industrial Control Systems
Blog

5 Things to Learn About COBIT

By John Salmi on Mon, 10/28/2024
You can’t do large-scale business in 2024 without having a successful, well-run IT infrastructure. Arguably, it’s difficult to do any sort of business well (large or small) without tuning your IT capabilities to your business objectives. This allows them to work as one, not against each other.COBIT is a framework created by ISACA (International Systems Audit and Control Association) to do this...
Cybersecurity
Compliance
Blog

CIS Control 16 Application Software Security

By Matthew Jerzewski on Wed, 10/23/2024
The way in which we interact with applications has changed dramatically over the years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organization's application against it to bypass network security controls and...
Compliance
CIS Controls
Blog

Exploring the Impact of NIST SP 800-53 on Federal IT Systems

By David Henderson on Thu, 08/15/2024
NIST SP 800-53 is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines and best practices for securing federal information systems and protecting the privacy of individuals whose information these systems handle.The Special Publication has gone by several different names. NIST initially released Special Publication 800-53 in 2005 under the...
Cybersecurity
Compliance
NIST
Blog

Cybersecurity at Ports Gets a Boost with New Bipartisan Bill

Cybersecurity's role in geopolitics is growing more significant by the day. In a world of increasingly sophisticated cyber threats, governments worldwide are recognizing the impact digital attacks can have on national security, trade, and infrastructure.This has never been more evident than with the recent introduction of the Protecting Investments in Our Ports Act by U.S. Senators John Cornyn (R...
Blog

Advanced Tips for Leveraging the NIST Cybersecurity Framework for Compliance

Depending on the industry, location, and business operations of your organization, you may have any number of cybersecurity regulations to comply with. Keeping track of each law that affects your organization and the various requirements associated with them can be overwhelming, but the consequences of noncompliance are often far worse.While diligent adherence to regulatory requirements is not a...
Blog

CIS Control 17: Incident Response Management

By Matthew Jerzewski on Wed, 10/16/2024
We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not likely to succeed in responding to the threat.Key TakeawaysOne takeaway...
Compliance
CIS Controls
Incident Detection & Investigation
Blog

Five Challenges of National Information Assurance and How to Overcome Them

By Christy Cherian on Tue, 10/15/2024
The National Information Assurance (NIA) Policy is a framework for offering organizations a foundation for information security management. It was designed and developed to aid organizations with the necessary steps to ensure information security, from assessing and classifying risk to choosing and implementing controls for mitigation.The NIA policy provides businesses with guidelines to support...
Cybersecurity
Compliance
Security Configuration Management
Blog

NESA Standard Ensures Security of UAE’s Cyberspace

By Christy Cherian on Wed, 09/18/2024
To allay dependence on oil revenue and expand the private sector, the United Arab Emirates (UAE) has committed, in recent years, to establishing a knowledge-based economy. Consequently, they have become a formidable competitor in Information Communication Technology (ICT). As the ICT industry has grown, so have government agencies to regulate it, namely the Signals Intelligence Agency, formerly...
Cybersecurity
Compliance
Blog

Advanced Tips for Leveraging the NIST Cybersecurity Framework for Compliance

By PJ Bradley on Mon, 10/14/2024
Depending on the industry, location, and business operations of your organization, you may have any number of cybersecurity regulations to comply with. Keeping track of each law that affects your organization and the various requirements associated with them can be overwhelming, but the consequences of noncompliance are often far worse.While diligent adherence to regulatory requirements is not a...
Cybersecurity
Compliance
NIST
Blog

Aligning Your Cybersecurity Strategy with the NIST CSF 2.0

By Antonio Sanchez on Mon, 09/23/2024
So, you're considering integrating the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework) into your cybersecurity practices. Congratulations! You've taken the first step toward improving your organization's cybersecurity posture.However, you may need clarification about the best approach to aligning your cybersecurity practices with the NIST CSF. This process can...
Cybersecurity
Compliance
NIST
Blog

CIS Control 18: Penetration Testing

By Matthew Jerzewski on Thu, 10/10/2024
Penetration testing is something that more companies and organizations should be considering as a necessary expense. I say this because, over the years, the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2024,” the average cost of a breach has increased 10% year over year, with the healthcare...
Compliance
CIS Controls
Blog

The Role of the NIST CSF in Cyber Resilience

By Josh Breaker-Rolfe on Thu, 10/10/2024
Resilience is one of the hottest topics of the moment, but for good reason. For most organizations, suffering a cyberattack is a matter of when, not if. Attackers are, lamentably, always one step ahead of defenders and, as such, responding to an attack and maintaining business operations have become arguably more important than protecting an organization in the first place. The NIST Cybersecurity...
Cybersecurity
Compliance
NIST
Blog

CIS Control 18 Penetration Testing

By Matthew Jerzewski on Thu, 10/10/2024
Penetration testing is something that more companies and organizations should be considering as a necessary expense. I say this because, over the years, the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2024,” the average cost of a breach has increased 10% year over year, with the healthcare...
Compliance
CIS Controls
Loading ...