The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

  • Highlights from the HITRUST Health Industry Third Party Assurance Summit

    November 19, 2015, Andrew Hicks, Healthcare and Life Sciences Practice Director

    On June 29, 2015, the Health Information Trust Alliance (HITRUST) announced that several massive payer organizations, including Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group will require their business associates to obtain CSF certification.  While this is old news, HITRUST assembled more than 350 business-associate attendees at the “Health Industry Third Party Assurance Summit: Driving Efficiencies and Compliance through the HITRUST Assurance Program” last Friday as a way for business associates to (1) better understand the reasons for the mandate, (2) understand the journey to CSF certification, (3) interact with CSF Assessor organizations (such as Coalfire), and (4) learn about current initiatives underway at HITRUST.

  • The Ghosts Inside - Horror Stories 2015

    October 26, 2015, Joseph Hesse, Director of Penetration Testing

    By 8 p.m. the donuts from the previous day had gone stale, what was left of them anyway. There was the eerie feeling of spirits in the night mist tonight. It was late October and the chill was thick with Halloween. You could smell it in the haze. I consider myself quite tough, but when you are a ghost it’s always a little… spooky.

  • Breaching a bank in 20 minutes - Horror Stories 2015

    October 26, 2015, Ryan MacDougall, Sr. Security Consultant

    I arrived onsite to suite #102 (the bank’s corporate headquarters) around 9:40 a.m. I was impersonating a local utility worker – with all the garments like a hardhat, clipboard, obnoxious yellow vest, and some old Timberland work boots. I played the part well.

  • The 100 Million Dollar Getaway - Horror Stories 2015

    October 26, 2015, Price McDonald, Director Labs Professional Services

    In today's security landscape, companies face daily threats to their reputation and intellectual property.  The typical response to these threats is to purchase a tool or a service claiming to be a magical silver bullet that can respond to all "cyber" threats.  In reality, the quest for a security silver bullet is a fool's errand, and any solid security program will revolve around continuous evaluation and training against emerging threats.

  • The Clock is ticking for EU and US to Negotiate New Safe Harbor Deal: What You Can Do to Stay Out of Legal Limbo

    October 22, 2015, John Rostern, VP, Technology Advisory and Assessment Services

    European authorities have given the European Union and US officials three months to come up with an alternative to the Safe Harbor agreement after the European Court of Justice (ECJ) declared Safe Harbor laws invalid earlier this month.  The new agreement must protect the personal data of European citizens from ‘massive and indiscriminate surveillance conducted by the U.S. government’, the authorities said.  These actions were ruled incompatible with EU law in an Oct. 6 decision by the ECJ.
