Resources

Blog

CIS Control 18: Penetration Testing

By Matthew Jerzewski on Thu, 10/10/2024

Penetration testing is something that more companies and organizations should be considering as a necessary expense. I say this because, over the years, the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2024,” the average cost of a breach has increased 10% year over year, with the healthcare...

Guide

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.While these cybersecurity frameworks aren’t mandatory...

Blog

Resolving Top Security Misconfigurations: What you need to know

By Jeff Moline on Mon, 01/22/2024

One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are...

On-Demand Webinar

Expert Compliance Automation Tips for Financial Services

Thu, 08/17/2023

Cybersecurity compliance standards like the Payment Card Industry Data Security Standard (PCI DSS) and Society for Worldwide Interbank Financial Telecommunications (SWIFT) do an excellent job of hardening systems against breaches. This is especially important in the financial services sector, a common target for cybercriminals. This on-demand webinar presented by Senior Solutions Engineer Dan...

Compliance

CIS Controls

FISMA

GDPR

PCI DSS

SOX

Guide

How Managed Services Can Help With Cybersecurity Compliance

Organizations are often overburdened with managing complex tools to handle their most important compliance responsibilities, and in many cases lack the internal headcount to manage those tools with highly-trained expertise. Managed services can solve your security staffing and resource challenges by arming your team with security expertise to maintain optimal compliance. Managed service providers...

Compliance

CIS Controls

FISMA

GDPR

HIPAA

NERC CIP

NIST

PCI DSS

SOX

On-Demand Webinar

ATT&CKing the Center for Internet Security

Thu, 06/01/2023

From the Critical Security Controls to the Community Defense Model, CIS has provided plenty of mappings that show how knowledge from MITRE ATT&CK can be integrated with their offerings. Last year, CIS went a step further, integrating mappings from MITRE ATT&CK into their Benchmarks. This provides a wealth of information to defenders, but too much information can sometimes lead to information...

Blog

Shifting Left with SAST, DAST, and SCA: Advanced Best Practices

By Tripwire Guest Authors on Thu, 10/20/2022

In the past, teams incorporated security testing far after the development stage of the Software Development Lifecycle (SDLC). Security testing would influence whether the application would to proceed to production, or get passed back to the developers for remediation.This process caused delays while teams worked on remediation or, worse yet, it...

Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...

Compliance

CIS Controls

FISMA

GDPR

HIPAA

NIST

PCI DSS

Guide

The Executive's Guide to the CIS Controls

See how simple and effective security controls can help you protect your organization and data from known cyberattack vectors.Executives understand that a combination of security solutions is required to protect their organizations. These solutions include technical and architectural controls as well as standardized frameworks. One such framework stands out in the context of practical cyber risk...

Datasheet

Tripwire Enterprise and Cisco AMP Threat Grid

Overview There is mounting concern at the senior executive and board level regarding cybersecurity, driven by highly visible advanced targeted attacks. These attacks threaten precious IP, valuable customer information, company valuation and trade secrets. To truly protect valuable resources, organizations have to accept the nature of modern networked environments and devices, and start defending...

Datasheet

MITRE ATT&CK Matrix with CIS Controls and Tripwire Mapping

It’s not enough to cast a wide cybersecurity net and hope you catch the adversaries trying to compromise your data. Instead, you need to narrow your focus to make your efforts truly impactful. But which of the countless potential cybersecurity attacks out there should you choose to prioritize? MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework and the Center for...

Datasheet

The CIS Controls and Tripwire Solutions

Many organizations face the challenging threat environment by strategically choosing a security controls framework as a reference for initiating, implementing, measuring, and evaluating their security posture, as well as managing risk. While many frameworks are available, one of the most notable and commonly used is the Center for Internet Security’s CIS Controls. This well known framework has...

Product Video

Watch a Demo of Tripwire Enterprise

Mon, 08/15/2022

Compliance frameworks are notoriously dense and complex, making them difficult to put into action. Compliance is also time-consuming—especially if you’re still attempting manual configuration of your systems, applications, databases and cloud assets. Manual configuration is error-prone and immediately out of date the moment an assessment ends. And a lack of compliance can result in failing audits,...

Blog

How to Fulfill Multiple Compliance Objectives Using the CIS Controls

By David Bisson on Tue, 01/18/2022

Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with the evolution of...

Blog

What’s New in v8 of the CIS Controls

By David Bisson on Wed, 06/16/2021

Back in 2018, the State of Security spent a lot of time going over v7 of the Center for Internet Security’s Critical Security Controls (CIS Controls). We noted at the time how the Center for Internet Security shuffled the order of requirements for many of the existing controls in that version. It also cleaned up the language of the CIS Controls,...

Blog

Mind the GAAP: A Lens for Understanding the Importance of the CIS Controls

By Mitch Parker on Sun, 05/16/2021

Given that attacks are only increasing and there needs to be greater efficacy in how companies protect themselves, let us reference how the financial industry has created and relies on a body of standards to address issues in financial accounting as a defined comparison for Information Security. To support this argument, there is a defined contrast...

Blog

How Tripwire Can Help U.S. Federal Agencies Implement the CIS Controls

By David Bisson on Sun, 04/11/2021

Digital attackers are increasingly launching sophisticated campaigns in an effort to target U.S. federal agencies and other organizations. Two recent examples demonstrate this reality. These are the SolarWinds supply chain attack and the HAFNIUM Exchange exploit campaign. The SolarWinds Supply Chain Attack In mid-December 2020, the security...

Blog

The Perimeter Really Is Gone - CIS Controls and COVID-19 with Tony Sager

By Editorial Staff on Mon, 05/18/2020

Tony Sager, Senior Vice President and Chief Evangelist at CIS (Center for Internet Security) joins us to discuss the best approaches to the changing security landscape in the wake of COVID-19. Tony is a lifelong defender, with more than 44 years of experience. He spent most of his career at the NSA and now leads the development of the CIS Controls,...

Blog

Cybersecurity in Education (K-12) with the CIS Controls

By Editorial Staff on Mon, 04/13/2020

Why is cybersecurity important to Education? Acknowledging recent reports of ransomware targeting educational institutions, it is no wonder that there have also been articles that attempt to lure in readers with “free” tools. What is disappointing is that these “free” tools are little more than marketing pieces that direct you to click on readily...

Blog

How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

By David Bisson on Sun, 08/05/2018

Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, there are certain challenges along the way that can make organizations’ compliance with PCI DSS 3.2...

CIS Control 18: Penetration Testing

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Resolving Top Security Misconfigurations: What you need to know

Expert Compliance Automation Tips for Financial Services

How Managed Services Can Help With Cybersecurity Compliance

ATT&CKing the Center for Internet Security

Shifting Left with SAST, DAST, and SCA: Advanced Best Practices

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The Executive's Guide to the CIS Controls

Tripwire Enterprise and Cisco AMP Threat Grid

MITRE ATT&CK Matrix with CIS Controls and Tripwire Mapping

The CIS Controls and Tripwire Solutions

Watch a Demo of Tripwire Enterprise

How to Fulfill Multiple Compliance Objectives Using the CIS Controls

What’s New in v8 of the CIS Controls

Mind the GAAP: A Lens for Understanding the Importance of the CIS Controls

How Tripwire Can Help U.S. Federal Agencies Implement the CIS Controls

The Perimeter Really Is Gone - CIS Controls and COVID-19 with Tony Sager

Cybersecurity in Education (K-12) with the CIS Controls

How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

Contact Information

Privacy Policy

Cookie Policy

Impressum