Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Achieving Automated TISAX Compliance
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach

Achieving Automated TISAX Compliance

5 years ago Max Gilg
Achieving Automated TISAX Compliance

Digital attackers are increasingly targeting the automotive industry. In its 2020 Automotive Cybersecurity Report, for instance, Upstream found that the number of annual automotive cybersecurity incidents had increased by 605% since 2016, with the number of incidents has doubled in 2019 alone.

More than half (57%) of those security incidents involved cybercriminals who attempted to disrupt businesses, steal property and demand ransoms by targeting keyless entry systems, backend servers and mobile apps. Together, those attacks compromised companies in every stage of the automotive supply chain including original equipment manufacturers (OEMs), fleets, telematics and after-market service providers.

The Changing Automotive Security Landscape

International institutions are taking steps to help automotive organizations to defend themselves against black hat hackers and other digital threats. On June 23, for instance, the United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations adopted two new regulations designed to help organizations confront the cybersecurity threats confronting connected cars.

Those regulations, which entered into effect in January 2021, provide organizations in the automotive sector with a framework for identifying digital security risks, regularly update risk assessments and respond to digital attacks, along with implementing other processes.

Automotive digital security is also on the minds of individual nation-states. An example of this the Trusted Information Security Assessment Exchange (TISAX). Since 2017, TISAX has acted as an assessment and exchange mechanism through which organizations can submit to audits in compliance with the information security requirements catalogue developed by German automotive group Verband Deutscher Automobilindustire (VDA).

That catalogue, known as the VDA Information Security Assessment (VDA ISA), applies to companies that touch any point of the German automotive supply chain. Its industry-wide enforcement applies to auto manufacturers and OEMs, but it reaches further than that to encompass partners and suppliers, as well.

Even if companies aren’t based in Germany and produce only a single microchip that will ultimately end up in a German vehicle, their network still falls under the purview of those requirements, so they need to use TISAX to complete an information security assessment. 

Why a Pre-Audit Sprint Isn’t the Way to TISAX Compliance

Supply chain managers who are responsible for controlling the digital environment of the supply chain know they need to produce evidence of TISAX compliance for their OEM in the form of an audit certificate. If a satisfactory audit certificate can’t be provided, supply chain managers can lose access to their OEM’s technology environments, hindering their ability to conduct business as usual. So naturally, companies are willing to pour significant resources into audit preparation in order to reach their targets.

But taking this kind of approach to audit preparation comes with its drawbacks, as well. Audit preparation for pertinent companies can take IT teams away from their regular work for weeks and even months at a time. Focused on producing evidence of TISAX compliance across the network, these pre-audit sprints not only drain time and resources, but they also produce compliance levels only for a specific point in time.

Automating TISAX with Tripwire Enterprise

Instead of throwing all you have at cultivating short-term compliance, teams can use Tripwire® Enterprise in order to maintain truly continuous compliance and stay audit-ready year-round. Tripwire Enterprise is a security configuration management (SCM) suite that provides fully integrated solutions for policy, file integrity and remediation management. Once Tripwire Enterprise is installed in an environment, it uses the TISAX policy against a current configuration state and automatically alerts on non-compliant assets with instructions for remediation. It provides continuous—rather than point-in-time—compliance.

Provided below are some additional benefits on how Tripwire Enterprise can help organizations to achieve and maintain TISAX compliance:

  • Speed up audits and reduce audit preparation  
  • Be 24/7 complaint and improve cybersecurity
  • Use cybersecurity resources more efficiently
  • Use compliance as an easy-to-measure KPI
  • Track compliance and configuration drift
  • Get clear, automated change documentation

Organizations can use Tripwire Enterprise to monitor for multiple compliance policies at once. For example, they may need to apply policies for TISAX, ISO27001 and IEC62443 in tandem. Tripwire Enterprise provides access to the broadest available library of platform and policy combinations to ensure compliance is enforced comprehensively across the whole environment. For easier implementation and deep visibility into the compliance state of operational technology (OT) environments, Tripwire Enterprise also integrates into Tripwire Industrial Visibility.

Why is SCM Critical for Continuous Compliance?

Monitoring the configuration state within a network is a twofold beneficial process: it ensures continuous compliance with compliance standards like TISAX, but it also staves off potential cyberattacks and breaches by keeping configurations secure. When done right, SCM automatically monitors the configurations of organizations devices against a known baseline and issues an alert when there’s configuration drift. Those instances of drift could trace back to malicious actors who are attempting modifying network devices as part of their attack chain.

With SCM, security teams can act upon that information to investigate configuration changes quickly. This security control can therefore do much more than just help professionals return their employer’s device configurations to the desired state. Indeed, it can help them to spot a potential security issue and take remediation steps before it balloons into a security incident.

Summary

Tripwire’s SCM suite, Tripwire Enterprise, contains a pre-built policy for TISAX that organizations can leverage for continuous compliance and audit-preparedness, enforce multiple compliance policies across their environment and take advantage of the cybersecutity benefits that arise from TISAX compliance.

For more information on how Tripwire can help your organization with your TISAX compliance obligations, click here.

The post ” Achieving Automated TISAX Compliance” appeared first on TripWire

Source:TripWire – Max Gilg

Tags: Critical Severity, Encryption, TripWire

Continue Reading

Previous Pair of Apex Legends Players Banned for DDoS Server Attacks
Next MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed

More Stories

  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

19 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

20 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

22 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

How Samsung Knox Helps Stop Your Network Security Breach

23 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

1 day ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Data Breach
  • Vulnerabilities

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

1 day ago [email protected] (The Hacker News)

Recent Posts

  • China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
  • CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk
  • Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
  • How Samsung Knox Helps Stop Your Network Security Breach
  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT