The Sarbanes-Oxley Act of 2002 (SOX) was enacted to restore public confidence in the wake of major corporate and accounting scandals. The legislation aims to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.One key aspect of SOX compliance is ensuring the integrity and security of financial data. In the digital age,...

The transition to PCI DSS 4.0 is here. The transition period from PCI DSS 3.2 ended on March 31, 2024, so businesses in all sectors must focus on aligning their practices with the new requirements.This blog will guide you through the key points discussed by PCI experts Steven Sletten and Jeff Hall in a recent webinar held by Fortra on "PCI 4.0 is Here: Your Guide to Navigating Compliance Success....

In our technologically advanced era, where cyber threats and data breaches are constantly evolving, it's crucial for companies to focus on Security Configuration Management (SCM) to protect their resources and information. Whether dealing with infrastructure, cloud services, industrial installations, or outsourced solutions, each environment presents unique security challenges that require...

In recent years, cloud technology has become integral to business operations. Compared to on-premises infrastructure, it allows for improved scalability and flexibility, cost savings, collaboration, security, and data loss prevention. The cloud computing market is set to reach $679 billion in value in 2024.But what are the trends currently defining the cloud computing market? According to Donnie...

With Artificial Intelligence (AI) becoming more pervasive within different industries, its transformational power arrives with considerable security threats. AI is moving faster than policy, whereas the lightning-quick deployment of AI technologies has outpaced the creation of broad regulatory frameworks, raising questions about data privacy, ethical implications, and cybersecurity. This gap is...

Companies often go for high-end cybersecurity solutions because dealing with complex problems looks impressive. The appeal of fancy tech and advanced security challenges gives them a sense of achievement and a chance to show off their skills - and says they're serious about staying ahead of cyber crooks.However, this isn't always the best strategy. Many significant risks arise from simple...

It seems like such a short time ago that the Security Standards Council released the newest version of the Payment Card Industry Data Security Standard (PCI DSS). It has been a full year, and version 4.0 is now in effect. Industries that adhere to the Standard were given the year to implement the new changes. The Standard includes limited exceptions for specific requirements, classifying them as...

For cybersecurity professionals tasked with defending the public sector, tackling the U.S. Government Configuration Baseline (USGCB) is just another hurdle to a safer federal tomorrow. Part of a wide collection of necessary federal government compliance requirements, it hones in on which baseline security configurations are necessary for federally deployed IT products. While not a standalone...

The Defense Information Systems Agency (DISA) is a Department of Defense (DoD) service provider that supplies a global information-sharing architecture for all DoD members "from the President on down." Their cybersecurity measures are among the best in the world. As Amy Probst, Lead Customer Management Specialist at DISA, explains, DISA’s Cybersecurity Service Provider (CSSP) program "monitors...

The IT and OT systems that support not only federal governmental agencies but also national critical infrastructure must be protected, but developing a security strategy effective against threats is no easy feat. It can be difficult to cover all of the necessary areas, given that these systems are “complex and dynamic, technologically diverse, and often geographically dispersed,” according to a...

The Sarbanes-Oxley Act (SOX), enacted by the United States Congress in 2002, is a landmark piece of legislation that aims to improve transparency, accountability, and integrity in financial reporting and corporate governance. The act was a response to high-profile corporate scandals, such as those involving Enron, WorldCom, and Tyco International, which shook investor confidence and underscored...

In Part 1, the existing global regulations around IoT were introduced. In this part, the challenge of complying with these rules is examined.The IoT Security ChallengeSecuring the Internet of Things (IoT) presents complex challenges that stem primarily from the scale, heterogeneity, and distributed nature of IoT networks:Inconsistent security standards: One of the most pressing issues is the...

Contrary to what one might expect, creating a File Integrity Monitoring (FIM) system is pretty easy. Practically anyone with a modicum of Python, Perl, or development skills can write an app or script to gather a file's checksum, compare it to a list or baseline, and tell you whether or not said file has changed.But creating a good FIM solution is hard. Many inadequate checkbox File Integrity...

Containerization has revolutionized application development, deployment, and management – and for good reason. The ability to automatically wrap an application and its dependencies into a single, easily deployable package helps developers focus on what they do best: writing code. Widely recognized as the go-to method to boost productivity and simplify the process, containerization keeps gaining...

Zero Trust maturity might be one of the least understood security buzzwords of our era. The term “Zero Trust” was originally coined over a decade ago and described the principle of not assigning digital trust to any entity, ever, for free. It represented a fundamental paradigm shift from the trust-happy early internet days to the threat-filled cyber landscape we now know.Since then, companies have...

The successful implementation of new tools and processes hinges not just on the technology itself but on meticulous project management. From ensuring secure access to the underlying infrastructure, a new tool will be implemented upon defining clear goals and understanding the security footprint of the service. Even the earliest steps of your rollout can be important in the long run. Getting all...

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) regulations often make exacting demands of Fortra Tripwire's customers, requiring them to update or create new change processes and document those processes in order to comply. In any NERC CIP-centered IT\OT project, there are always crucial indicators of success - even before the project gets...

Integrity is a vital component of any cybersecurity policy, making up one-third of the CIA Triad. However, until recently, the industry has had a limited understanding of the term, using it primarily in the context of data security. Integrity means so much more than this principle alone: it impacts every facet of an information system and can drive an organization's entire security program. ...

Many companies strive to achieve the best security possible. Along the path to improved security, many companies are also required to meet various compliance standards. In some cases, compliance is also a regulatory requirement. This crossroad between security and compliance can sometimes seem at odds with the organization’s goals. Compliance does...