The Coalfire Blog
Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.
The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.
Secret Service Issues Warning to Hospitality Industry, Now What?
July 25, 2014, Dan Fritsche, Practice Director, Coalfire Labs
The U.S. Secret Service has issued an advisory to the hospitality industry to be on alert for keyloggers on the computers in the business center. Whether your hotel received this advice or not, this is something that will undoubtedly affect your business in the near future. We’ve put together this brief guide on reacting to the advisory.
Posted in: breach, cybersecurity, Forensics, keylogging, Labs, Risk, security
Cybersecurity and the Financial Services Industry
July 03, 2014, Justin Orcutt, Regional Sales Manager
2014 is the year that the US Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) is turning its focus to cybersecurity, a looming threat to any and all companies that utilize the internet. In case you missed my last post, back in March the OCIE hosted a Cybersecurity Roundtable to discuss the importance of protecting consumer data and the security of market systems following a steep increase in breaches by its members.
Posted in: cybersecurity, GRC, Risk
What you need to know from the OCR’s Report to Congress on Breaches and HIPAA Rules Compliance
June 26, 2014, Rick Link,
Last week the HHS Office for Civil Rights (OCR) issued their Annual Report to Congress on Breaches of Unsecured Protected Health Information (PHI) for calendar years 2011 and 2012. This is their second annual report required by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
Posted in: Healthcare, HIPAA
Emerging Threats and Going Beyond Compliance
June 25, 2014, Kennet Westby, President and COO
I recently presented to a C-level gathering of retail finance executives about the industry’s changing threat landscape and the emerging threats facing omni-channel sellers. The retail security environment has changed dramatically in the past few years. Not that long ago, retailers mostly worried about protecting payment card information and staying PCI compliant.
Posted in: GRC, PCI
HIMSS Privacy & Security Forum – West 2014 Wrap-Up
June 23, 2014, Andrew Hicks, Director, Healthcare Practice Lead
The first HIMSS Privacy & Security Forum in the western U.S. proved to be a success and was attended by over 300 people including attendees (CEs and BAs), speakers, exhibitors, and partners. We reconnected with several clients and met new friends at our booth, which was located right in the middle of the action. We also co-hosted a dinner with our partner, Voltage Security, and enjoyed catching up with old acquaintances and meeting new ones.
Posted in: Healthcare, HIMSS, HIPAA