Security Compliance - Awesome Goat

Breaking Compliance into Bite-Sized Portions

Blog

Breaking Compliance into Bite-Sized Portions

By Antonio Sanchez on Wed, 06/12/2024

Many companies strive to achieve the best security possible. Along the path to improved security, many companies are also required to meet various compliance standards. In some cases, compliance is also a regulatory requirement. This crossroad between security and compliance can sometimes seem at odds with the organization’s goals. Compliance does not...

Breaking Compliance into Bite-Sized Portions

Blog

Breaking Compliance into Bite-Sized Portions

By Antonio Sanchez on Wed, 06/12/2024

ANSI and the International Society of Automation Explained

Blog

ANSI and the International Society of Automation Explained

By Steven Sletten on Wed, 05/08/2024

As technologies advance and the world grows more complicated, collaboration and coordination have become increasingly important. Setting standards, sharing information, and bringing experts together are essential to safely developing technologies for national and global priorities, and the world needs organizations to fulfill this role. The American...

ANSI and the International Society of Automation Explained

Blog

ANSI and the International Society of Automation Explained

By Steven Sletten on Wed, 05/08/2024

How Does PCI DSS 4.0 Affect Web Application Firewalls?

Blog

How Does PCI DSS 4.0 Affect Web Application Firewalls?

By Josh Davies on Mon, 01/08/2024

The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0 , heralding significant changes in cybersecurity practices. As we approach the implementation of this revised standard, a critical focal point emerges: the role and new mandate of web application firewalls (WAFs) in ensuring compliance. The shift from a best practice to a prescribed...

How to Spot a Winning NERC CIP Project

Blog

How to Spot a Winning NERC CIP Project

By Paul Stewart on Wed, 06/19/2024

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) regulations often make exacting demands of Fortra Tripwire's customers, requiring them to update or create new change processes and document those processes in order to comply. In any NERC CIP-centered IT\OT project, there are always crucial indicators of success - even before the project gets...

Making Sense of Financial Services Cybersecurity Regulations

Blog

Making Sense of Financial Services Cybersecurity Regulations

By Stefanie Shank on Thu, 02/29/2024

The financial services sector faces unprecedented cybersecurity challenges in today's digital age. With the industry being a prime target for cybercriminals, understanding and adhering to cybersecurity regulations has never been more crucial. This article delves into the labyrinth of cybersecurity regulations affecting financial services, underscoring...

What is the Standard of Good Practice for Information Security?

Blog

What is the Standard of Good Practice for Information Security?

By Steven Sletten on Thu, 06/06/2024

The ISF (Information Security Forum) Standard of Good Practice (SoGP) is a comprehensive set of best practices designed to help organizations effectively manage their information security risks. Covering various topics, including governance, risk management, compliance, incident management, and technical security controls, it helps establish and...

The Impact of NIST SP 800-171 on SMBs

Blog

The Impact of NIST SP 800-171 on SMBs

By Josh Breaker-Rolfe on Mon, 05/06/2024

From more broad laws like GDPR to industry-specific regulations like HIPAA , most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated. National Institute of Standards and Technology Special Publication...

The Impact of NIST SP 800-171 on SMBs

Blog

The Impact of NIST SP 800-171 on SMBs

By Josh Breaker-Rolfe on Mon, 05/06/2024

So You Want to Achieve NERC CIP-013-1 Compliance...

Blog

So You Want to Achieve NERC CIP-013-1 Compliance...

By Anastasios Arampatzis on Wed, 03/06/2024

Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors, and partners, the ability to safeguard the availability and reliability of the grid is crucial...

So You Want to Achieve NERC CIP-013-1 Compliance...

Blog

So You Want to Achieve NERC CIP-013-1 Compliance...

By Anastasios Arampatzis on Wed, 03/06/2024

The Dangers of Default: Cybersecurity in the Age of Intent-Based Configuration

Blog

The Dangers of Default: Cybersecurity in the Age of Intent-Based Configuration

By Faisal Parkar on Tue, 02/06/2024

Technology has recently been evolving at the speed of light. We have seen the onset of increased cyber threats across all industries. Gone are the times when threat actors had a specific goal and target. We now live in an age where robots collect, collate, and save information for a more opportune and profitable day. It is ever more important to understand the security measures individuals and...

HITRUST: the Path to Cyber Resilience

Blog

HITRUST: the Path to Cyber Resilience

By John Salmi on Wed, 05/22/2024

"All for One and One for All": The EU Cyber Solidarity Act Strengthens Digital Defenses

Blog

"All for One and One for All": The EU Cyber Solidarity Act Strengthens Digital Defenses

By Anastasios Arampatzis on Wed, 04/24/2024

Alexandre Dumas's timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act . This new legislation recognizes that collective defense is the cornerstone of cybersecurity – in a world...

US Agencies Issue Cybersecurity Guide in Response to Cybercriminals Targeting Water Systems

Blog

US Agencies Issue Cybersecurity Guide in Response to Cybercriminals Targeting Water Systems

By Graham Cluley on Mon, 01/22/2024

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity resilience and improve incident response in the WWS...

Security vs. Compliance: What's the Difference?

Blog

Security vs. Compliance: What's the Difference?

By Anthony Israel-Davis on Thu, 04/04/2024

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of...

Security vs. Compliance: What's the Difference?

Blog

Security vs. Compliance: What's the Difference?

By Anthony Israel-Davis on Thu, 04/04/2024

PCI DSS 4.0 Requirements – Network Security Controls and Secure Configuration

Blog

PCI DSS 4.0 Requirements – Network Security Controls and Secure Configuration

By Editorial Staff

We have officially entered the 12-month countdown to the enactment of the new Payment Card Industry Data Security Standard (PCI DSS). The new version, 4.0, set to go into effect on April 1, 2024, contains some interesting and notable changes. Is your organization ready to meet the new requirements? In this 6-part series, we spoke with specialists who help to break down the changes to make your...

Cybersecurity Best Practices for SOX Compliance

Blog

Cybersecurity Best Practices for SOX Compliance

By Anthony Israel-Davis on Wed, 07/03/2024

The Sarbanes-Oxley Act (SOX), enacted by the United States Congress in 2002, is a landmark piece of legislation that aims to improve transparency, accountability, and integrity in financial reporting and corporate governance. The act was a response to high-profile corporate scandals, such as those involving Enron, WorldCom, and Tyco International, which shook investor confidence and underscored...

IoT Security Regulations: A Compliance Checklist – Part 2

Blog

IoT Security Regulations: A Compliance Checklist – Part 2

By Gilad David Maayan on Wed, 07/03/2024

In Part 1, the existing global regulations around IoT were introduced. In this part, the challenge of complying with these rules is examined.The IoT Security ChallengeSecuring the Internet of Things (IoT) presents complex challenges that stem primarily from the scale, heterogeneity, and distributed nature of IoT networks:Inconsistent security standards: One of the most pressing issues is the...

Expert Insight for Securing Your Critical Infrastructure

Blog

Expert Insight for Securing Your Critical Infrastructure

By Ted Rassieur on Wed, 01/03/2024

At Tripwire's recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an organization provided a wealth of knowledge for the attendees. SCADA...

Making Sense of Financial Services Cybersecurity Regulations

Blog

Making Sense of Financial Services Cybersecurity Regulations

By Stefanie Shank on Thu, 02/29/2024

The financial services sector faces unprecedented cybersecurity challenges in today's digital age. With the industry being a prime target for cybercriminals , understanding and adhering to cybersecurity regulations has never been more crucial. This article delves into the labyrinth of cybersecurity regulations affecting financial services, underscoring their significance in safeguarding sensitive...

PCI DSS Compliance - Meeting the Third-Party Vendor Requirements

Blog

PCI DSS Compliance - Meeting the Third-Party Vendor Requirements

By Tripwire Guest Authors on Tue, 02/20/2024

Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as CRMs, payment gateways, live chat APIs, or a shipping gateway, to name a few. Though third-party vendors are a necessary cog in the...

Tips for Ensuring HIPAA Compliance

Blog

Tips for Ensuring HIPAA Compliance

By Tripwire Guest Authors on Wed, 01/17/2024

Like every other industry, the healthcare sector is barely recognizable when compared to its state 20 years ago. It, too, has been transfigured by technology. While this has brought many impactful benefits, it has also introduced at least one major challenge: keeping sensitive patient information private. At the heart of this privacy challenge stands the venerable Health Insurance Portability and...

Loading ...