Letting Go While Holding On: Managing Cyber Risk in Cloud Environments

As recently as 2017, security and compliance professionals at many of Tripwire’s large enterprise and government customers were talking about migration to the cloud as a possibility to be considered and cautiously explored in the coming years. Wi…

The MITRE ATT&CK Framework: Credential Access

There’s no doubt about it, attackers want your credentials more than anything, especially administrative credentials. Why burn a zero day or risk noisy exploits when you can just log in instead? If you were to break into a house, would you rather…

How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, t…

The MITRE ATT&CK Framework: Initial Access

Although ATT&CK is not laid out in any linear order, Initial Access will be the point at which an attacker gains a foothold in your environment. This tactic is a nice transition point from PRE-ATT&CK to ATT&CK for Enterprise. What is differ…

20 CIS Controls – Control 2: Inventory and Control of Software Assets

Today, I will be going over Control 2 from version 7 of the top 20 CIS Controls – Inventory and Control of Software Assets. I will go through the 10 requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 2 Let Cont…