Changes to configurations, files and file attributes across the IT infrastructure are just part of everyday life in enterprise organizations. But hidden within the large volume of daily changes can be a few unauthorized changes that impact the confidentiality, integrity or availability of a system. To protect critical systems and data, you need to detect every change, capture relevant details...

The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that process credit card payments secure the cardholder environment to prevent credit card fraud, cyber threats, and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting, and storing credit card data to minimize the theft,...

More attention is being paid to risks around the supply chain in the bulk electricity system (BES). When third-party vendors introduce new products, software and personnel into a power supplier’s environment, the potential for new cyber risks increases. For this reason, the North American Electric Reliability Corporation (NERC) recently added a new set of requirements to its Critical...

Some of our nation’s most critical physical infrastructure is represented by the national Bulk Electric Systems (BES). Today’s digital world relies upon this interconnected network of power generation and transmission systems more than ever. To ensure the reliability and resilience of that network, providers must continually manage threats to the infrastructure, including many that relate to...

Industrial operators subject to the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standard know that achieving compliance is no minor feat, and serious strategic consideration is required to ensure efficient resource use in the compliance process. By meeting NERC CIP compliance, these companies take important steps towards securing their IT/OT...

Transmission and Distribution asset owners have to juggle disconnected or disparate tools to satisfy NERC CIP and internal cybersecurity requirements. Specifically for substation automation applications, monitoring the various intelligent electronic devices (IEDs) like relays, RTUs, and connected I/O can prove difficult and time consuming. Tripwire and Eaton offer a unique combination of...

Tripwire solutions protect sensitive data and assets from breaches, vulnerabilities, and threats while delivering risk visibility, business context and security business intelligence. The integration between Tripwire and Novatech’s NERC CIP Password, Configuration and Remote Access Management solution brings a consistent approach to the management, auditing and maintenance of secure configurations...

The NERC Critical Infrastructure Protection standards are designed to enhance reliability of the electrical supply by securing the connected assets on which that supply relies. When building a program for NERC CIP compliance, registered entities must balance the need to be audit ready with the resources required to achieve and maintain compliance. NERC CIP version 6 increases the amount of work...

The NERC Critical Infrastructure Protection standards are designed to enhance the reliability of the electrical supply by securing the connected assets on which that supply relies. When building a program for NERC CIP compliance, registered entities must balance the need to be audit-ready with the resources required to achieve and maintain compliance. NERC CIP compliance, especially when...

Managed service providers (MSPs) can gain a competitive advantage by bolstering their service packages with managed cybersecurity controls to make their service capabilities more robust. The current technology landscape necessitates that end-users can access services on a more flexible basis and deploy licenses on-demand. That’s why leading MSPs and managed security service providers (MSSPs) rely...

SigmaFlow is the industry leading solution for orchestrating NERC CIP compliance to achieve an ongoing state of Audit Readiness. Tripwire, Inc. is a leading global provider of advanced threat, security and compliance management solutions. Integrating these solutions offers an automated way to drastically reduce the time and resources required to manage NERC compliance and collect comprehensive...

There isn’t an industry that hasn’t been affected by cyber threats, and the broadcast industry is no exception. In April 2015, France’s TV5Monde was attacked, resulting in eleven of its channels going dark and its social media outlets commandeered to display pro-Islamic State messages. This was preceded by an attack on WBOC in Salisbury, Maryland, where their Twitter account and website were...

The recently enacted European Union General Data Protection Regulation (GDPR) requires organizations to take adequate measures to ensure the security and privacy of personal data of any European citizen. This supersedes the previous Data Protection directive. As a regulation—as opposed to a mere directive—it directly imposes a uniform data security law regime on organizations that need to comply. ...

The value of electronic medical record (EMR) systems is immense. These digital records are designed to be available anytime and anywhere, connecting healthcare providers with patient data. EMRs are a central repository of patient medical histories, medications, diagnoses, immunization dates, allergies, lab results and radiology images. With this accurate and up to date patient information,...

Tripwire provides an integrated suite of solutions to help solve security challenges facing organizations within today’s Department of Defense. Tripwire tools have been used within government and military organizations in both tactical and non tactical environments to ensure system hardening through security configuration management, real time threat detection with continuous monitoring, and data...

In May 2015, Ponemon Institute and ID Experts conducted a benchmark that found that, for the first time, criminal attacks are primary cause of healthcare data breaches. This is a 125 percent increase over the past five years. Why? Because healthcare organizations and their business partners obtain and share highly valuable patient data. And, taken as a whole, the healthcare industry provides a...

The value of electronic health record (EHR) systems is immense. These digital records are designed to be available anytime and anywhere, connecting healthcare providers with patient data. EHRs are a central repository of patient medical histories, medications, diagnoses, immunization dates, allergies, lab results and radiology images. With access to this accurate patient information, providers can...

North American electric utility companies constantly balance the need to be audit-ready for NERC CIP compliance against their top priority: ensuring the reliability of the bulk electric system.NERC CIP compliance, especially when approached using manual methods, is complex, time-consuming, and prone to human error. Further, NERC CIP requirements often infer security skill sets beyond those of many...

To enhance your Federal Information Security Management Act (FISMA) compliance grade, you must implement one of the most challenging controls in NIST SP 800-53: the Controls, Family: System Information & Integrity (SI) 7 requirement. SI-7 states that organizations must employ automated and centrally managed integrity verification tools to detect unauthorized change. This level of visibility can be...

An Extremely Brief History of ICS SecurityIndustrial control systems (ICS) proliferated before cybersecurity became the mission-critical concern it is today. The shift to new network technologies improves data collection, efficiency and time-to-market, but it also produces new cybersecurity risks:Many ICS are purpose-built and proprietary, making them out of sync with modern cybersecurity...