For organizations looking to reassure customers that excellent data governance is one of their guiding principles, and that they’re doing everything in their power to mitigate the risk posed by cybercrime, ISO/IEC27001 certification is one of the best ways to demonstrate that commitment. Nevertheless, it’s a high standard to achieve. According to data supplied by ISO.org, only 28,426 companies worldwide had achieved the certification by 2022.

For organizations looking to reassure customers that excellent data governance is one of their guiding principles, and that they’re doing everything in their power to mitigate the risk posed by cybercrime, ISO/IEC27001 certification is one of the best ways to demonstrate that commitment. Nevertheless, it’s a high standard to achieve. According to data supplied by ISO.org, only 28,426 companies worldwide had achieved the certification by 2022.

The Payment Card Industry Data Security Standard, also known as PCI DSS is a thorough process that reviews a company’s systems and policies for handling and storage of sensitive consumer cardholder data.

Tripwire Configuration Manager allows for user created configuration and compliance management content via a new Policy Management capability. Custom user content can be used alongside existing cloud service provider and third-party SaaS policies, providing multiple new use cases for data gathering and expanding policy compliance support into new services. This blog will describe some of the features and use cases for the Policy Management capability.

Enterprises continue to embrace cloud technology, some driven by the desire to offload rising hardware costs and operational overhead, others enticed by the promise of scalable, on-demand, practically infinite capacity and capability only a few clicks away.

Does the saying "compliance does not equal security" paint a holistic picture? Sure, the concept is genuine; meeting a single compliance standard will not directly improve security posture. However, after working with hundreds of organizations, we have learned there are key considerations that can help maximize the value and urgency of compliance requirements by channeling such efforts into more practical risk assessments.

The Payment Card Industry Data Security Standard (PCI DSS) entered the scene back in 2004 with the rise of payment fraud. Created by leaders in the credit card industry, PCI DSS was developed to provide a baseline of technical and operational requirements designed to protect cardholder payment data and was commonly understood by those in the legacy security world.

The Cybersecurity Maturity Model Certification (CMMC) is a well-known framework for assessing the maturity of an organization’s cybersecurity. It’s designed to help organizations improve their cybersecurity by raising awareness about best practices and implementing a roadmap.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires healthcare entities to implement policies and procedures to safeguard the privacy and security of the protected health information (PHI) of patients. One core requirement is to perform risk assessments. This article explains what a risk assessment is according to HIPAA and offers guidance about the steps involved.

It has been a long time coming! The upgrade to the international standard for information security management systems, ISO27001:2013, is here (almost). Hallelujah! If you’re reading this article, then there’s a reasonable assumption that you know what ISO27001 is and you’re not going to be too worried about the back story. But let’s all be clear on a couple of points. The current version of the Information Security Management Standard is ISO27001:2013.