Case Study: State of Iowa reduces vulnerability risk by over 50% with Tripwire IP360

Iowa Improves Security with The “Top 20” Critical Security Controls

The State of Iowa’s Information Security Office, led by CISO Jeff Franklin, faced growing cyber threats and limited operational visibility under an ISO 27000–focused program. The state needed a more technical, systematic way to identify vulnerabilities, demonstrate quick wins, and prioritize risk across agencies.

Iowa adopted the Council on CyberSecurity’s “Top 20” Critical Security Controls and prioritized Control 4—continuous vulnerability management—launching a DHS‑funded pilot using Tripwire IP360. The initiative scaled to 100+ entities, reduced vulnerability risk by over 50% across most agencies (one agency saw an 84% reduction), doubled planned IP coverage, delivered statewide asset inventories (meeting Controls 1–2), standardized risk scoring, and noticeably improved incident response.

State of Iowa

Jeff Franklin

CISO