The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • COSO Framework for Service Organizations and SOC Reporting (Part 1 of 3)

    February 24, 2015, Jamie Kilcoyne, Managing Director Coalfire Controls

    One of the most important reference tools that companies use to establish and evaluate their internal controls is the Committee of Sponsoring Organizations' (COSO) Internal Control - Integrated Framework.  Initially published in 1992 (the 1992 Framework), the COSO framework has been the most widely used model for internal control for the past 20 years.

  • What does PCI DSS 3.1 and PA-DSS 3.1 mean for you and your organization

    February 19, 2015, Matt Getzelman, PCI Practice Director

    In the wake of the POODLE vulnerability identified by NIST and subsequent attacks, the PCI SSC has announced its intent to release the first revision of the PCI DSS 3.0 and PA-DSS 3.0 standards. The PCI DSS 3.1 and PA-DSS 3.1 standards will indicate that the SSL v3.0 protocol no longer meets the PCI SSC's definition of "Strong Encryption", and this will have an immediate impact on several existing requirements. However, one key point from the announcement should be highlighted:

  • Emerging Payment Technologies and Due Diligence: A Warning about “Silver Bullets”

    February 09, 2015, Matt Getzelman, PCI Practice Director

    2015 will be an exciting year for the payments industry, especially for merchants that now have a number of new payment technologies at their disposal.  Emerging payment technologies such as Point-to-Point-Encryption (P2PE), Tokenization, EMV/Chip and Signature and Mobile Payment Acceptance are hitting the market globally and all of them can help reduce the risk of cardholder data compromise as well as potentially impact the compliance posture of merchants that choose to adopt them.

  • Anthem Data Breach - A Message from Coalfire's Healthcare Practice Director

    February 05, 2015, Andrew Hicks, Director, Healthcare Practice Lead

    Several weeks ago I had the opportunity to speak on a panel at a healthcare conference. In attendance were CIOs, CISOs, VPs of IT, and members of legal counsel. The individuals attending the session represented organizations ranging from small- to medium-sized business associates all the way up to large, multi-networked hospitals defined as covered entities under the Health Insurance Portability and Accountability Act (HIPAA).

  • Their Claim to Fame – So-Called HIPAA-Compliance Experts and Tools

    January 15, 2015, Andrew Hicks, Director, Healthcare Practice Lead

    Have you noticed how many vendors and software solutions are out there claiming they can make you HIPAA-compliant?  Well, at the end of the day that’s simply not possible because only you can make your organization HIPAA-compliant.  I came up with a list of “red flags” that I typically see from vendors, contractors and the like.

