
Center for Internet Security (CIS) Controls v8: Your Complete Guide to the Top 18
The Center for Internet Security (CIS) controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense. Initially developed by the SANS Institute and known as the SANS Critical Controls, these best practices ... Read More

Safeguard Identity Data at the Source
When your customers create an account on your website or application, they are entrusting you with their valuable information in order to establish a relationship. To maintain that relationship, they need to have faith that you will protect their information ... Read More
What is NERC?
NERC CIP Standards Background and Basics: The North American Electric Reliability Corporation (NERC) is an international regulatory organization that works to reduce risks to power grid infrastructure. They do this through the continual development of a set of regulatory standards in addition to education, training, and certifications for industry personnel ... Read More
A Beginner’s Guide to PCI Compliance
PCI DSS, or the Payment Card Industry Data Security Standard, is the set of regulatory requirements all organizations who process card payments must adhere to. Sounds simple enough, right? But PCI compliance can pose a major challenge to organizations if they’re not equipped with the proper knowledge and tools. Let’s ... Read More
How to Pick the Right Solution for FISMA SI-7 Compliance
It can be hard to know how to best allocate your federal agency’s resources and talent to meet FISMA compliance, and a big part of that challenge is feeling confident that you’re choosing the right cybersecurity and compliance reporting solution. First, a Few FISMA SI-7 Basics: So what sorts of ... Read More
Latest Version of Tripwire IP360 Now Certified To Meet Most Current Common Criteria Certification Standards
Tripwire has demonstrated its ongoing commitment to meeting U.S. government and internationally recognized security standards by achieving the most current Common Criteria standards for the latest version of Tripwire IP360, 9.0.1, specifying the certification as “Evaluation Assurance Level 2 augmented with Flaw Remediation” (EAL2+). VM and SCM for Federal Agencies ... Read More

Tripwire Products: Quick Reference Guide
The post Tripwire Products: Quick Reference Guide appeared first on The State of Security ... Read More
Proactive System Hardening: Continuous Hardening’s Coming of Age
The first article in this series examined configuration hardening—essentially looking at ports, processes and services where security configuration management (SCM) is key. The second article looked at application and version hardening strategies. This third installment will discuss the role of automation in the coming of age of what’s called “continuous ... Read More
Proactively Hardening Systems: Application and Version Hardening
The first article in this series examined configuration hardening, essentially looking at ports, processes and services as the “doors, gates and windows” into a network where security configuration management (SCM) becomes the job of determining which of these gateways should be open, closed, or locked at any given time. Now ... Read More
Configuration Hardening: Proactively Guarding Systems Against Intrusion
The concept of configuration hardening has nice imagery to it. When we use it to describe battle-hardened soldiers who have been tested in combat, a grim, determined image invariably leaps to mind. The same thing happens when we speak of hardened steel that’s been repeatedly quenched and tempered or of ... Read More