Resources

Guide

Adjusting to the Reality of Risk Management Framework

For many reasons, aligning IT security, compliance and IT Operations has been an ongoing challenge in the federal ecosystem. There are plenty of stories about waste and misalignment of IT security for federal systems, such as systems that are compliant but not secure, and investments on tools that didn’t make anything more secure or were difficult to run. IT Operations people will point to issues...
Guide

Navigating Industrial Cybersecurity:

Nearly every aspect of modern life depends upon the uninterrupted function of industrial control systems (ICS). ICSs keep the lights on, ensure clean drinking water, and provide other critical infrastructure processes. Beyond power, energy, and other utilities, ICSs are also responsible for the manufacturing of your computer, your car, and countless other physical items we rely on every day.It’s...
Guide

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.While these cybersecurity frameworks aren’t mandatory...
Guide

Staying Current With the Transportation Security Administration’s Oil and Gas Security Directives

Escalating cyberthreats in the oil and gas industry underscore the need for substantial collaboration between public and private sectors to mitigate this national security risk, and much of this responsibility falls on the shoulders of individual pipeline operators who need to comply with the Transportation Security Administration (TSA) Security Directive.Despite being best known for its role in...
Guide

2024 Pen Testing Report

Each year, Fortra's Core Security conducts a global survey of cybersecurity professionals across various industries on their penetration testing practices to better understand the different approaches to, common challenges with, and overall development of offensive security.The 2024 Penetration Testing Report is an analysis of the results of this survey, with the aim of providing increased...
Guide

What Cybersecurity Pros Think of Zero Trust Today

Zero trust isn’t a new model, but its influence on the cybersecurity industry has strengthened over time since 1994. Zero trust became especially top-of-mind a few years ago when remote work and cloud services took off, prompting organizational leaders to rethink the way they enforced cybersecurity controls in an increasingly perimeter-less world. Is zero trust just another cybersecurity buzzword...
Guide

10 Common Security Misconfigurations and How to Fix Them

Is your organization using default security settings, or do you have a security configuration management (SCM) program in place to ensure your configurations are as secure as possible? Misconfigurations are a leading cause of unauthorized access and security breaches, creating entry points for hackers in servers, websites, software, and cloud infrastructure. The Open Worldwide Application...
Guide

5 Things Your FIM Solution Should Do for You

File integrity monitoring (FIM) is a critical security control that helps organizations detect system changes in real-time that indicate impacts to compliance and potential cybersecurity incidents, empowering teams to respond rapidly. FIM is required by many major compliance standards such as North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), the...
Guide

How Managed Services Can Help With Cybersecurity Compliance

Organizations are often overburdened with managing complex tools to handle their most important compliance responsibilities, and in many cases lack the internal headcount to manage those tools with highly-trained expertise. Managed services can solve your security staffing and resource challenges by arming your team with security expertise to maintain optimal compliance. Managed service providers...
Guide

File Integrity Monitoring (FIM) Toolkit

File integrity monitoring (FIM) is used to detect and correct unauthorized system changes that may be indicators of compromise. As the inventors of FIM, Fortra’s Tripwire has a multi-decade track record of helping organizations that want to reduce cyber risk and achieve system integrity to avoid security breaches and audit fines. This toolkit is a collection of helpful resources such as articles,...
Guide

PCI DSS Resource Toolkit

PCI DSS Resources for Seamless Compliance The Payment Card Industry Data Security Standard (PCI DSS) is one of the most widely applied regulatory compliance standards, meaning thousands of organizations can benefit from streamlining their compliance programs to avoid audit fines and protect cardholder data. Fortra’s Tripwire is an authority on how to achieve continuous, automated compliance and...
Guide

Insider Insights for the PCI DSS 4.0 Transition

Is your organization ready for the new PCI DSS 4.0 Standard? If you’re already compliant with the most recent version of the Payment Card Industry Data Security Standard (PCI DSS), you’ve probably already begun transitioning to version 4.0 ahead of the upcoming deadline. To help you make the journey easier and more straightforward, Fortra’s Tripwire gathered strategic implementation advice from...
Guide

Getting in Control of Financial Services Cybersecurity Regulations

Organizations in the financial sector are all too aware that their industry continues to be one of the top targets for cyber criminals. Among financial services and insurance organizations, the leading cause of breaches is system intrusion. That’s why so many cybersecurity compliance regulations have sprung up to ensure systems are kept hardened against attack. This guide will cover the main...
Guide

Don’t Get Hooked: How to Recognize and Avoid Phishing Attacks

Improve employee awareness of phishing risks with this full size phishing prevention infographic. This infographic includes valuable information on: What is phishing? Common phishing techniques and how to recognize them What to do if you suspect a phishing scam Fill out the form to receive a digital version plus a 22" x 28" printer-friendly version for printing and hanging the poster in...
Guide

2023 Zero Trust Security Report

The concept of Zero Trust is quickly gaining momentum among enterprise IT security teams, with 87 percent saying their organizations have zero trust access in place and projects underway or planned. The 2023 Zero Trust Security Report reveals how enterprises are implementing zero trust security in their organizations, including key drivers, adoption trends, technologies, investments, and benefits...
Guide

PCI DSS 4.0 Compliance

Maintaining compliance is a difficult job—both in scope and in practical application. Organizations need to comply with a vast array of regulations, and the number is constantly increasing. Compliance is consistently tightening; businesses and financial institutions now have to learn and dive into the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements as the implementation...
Guide

Beyond the Basics: Tripwire Enterprise Use Cases

Security, compliance, and IT operations leaders need a powerful and effective way to accurately identify security misconfigurations and indicators of compromise. Explore the many ways Tripwire Enterprise can protect your organization with superior security and continuous compliance.
Guide

Zero Trust and the Seven Tenets

Whether you are new to information security, or you’re a long-time practitioner, it seems that “zero trust” is the latest initiative at the top of everyone’s priority list. Special Publication 800-207, created by the National Institute of Standards and Technology (NIST) offers guidance for instituting a zero trust architecture. The document outlines the basic tenets that form the foundation of...