The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • The Top 3 Security Issues in Federal Cloud Computing

    April 17, 2014, Rob Barnes, Director, Federal Practice

    A journalist recently asked me for my top three pressing concerns related to Federal cloud security. Here are a few points I had to offer up.

    Posted in: cloud, cybersecurity, education, federal, government, security | 0 Comments

  • Heartbleed Vulnerability Bug: What You Need to Know

    April 10, 2014, Mike Weber, Managing Director, Coalfire Labs

    The widely publicized heartbleed bug (http://heartbleed.com/) may be impacting as many as 500,000 systems across the Internet.  Heartbleed is the name of a vulnerability in the OpenSSL program that powers encrypted communication to many of the world's web sites and private networks.  Below you will find out who is affected, what the workarounds are and how Coalfire can help.

    Posted in: breach, forensics, heartbleed, labs, vulnerability | 0 Comments

  • SEC Roundtable

    April 04, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist

    On Wednesday, I attended a roundtable discussion the Securities and Exchange Commission held to gather information on cybersecurity trends and potential disclosure requirements for regulated public companies and stock exchanges.

    Posted in: GRC, Risk | 0 Comments

  • DoD DIACAP transition to RMF approved

    April 03, 2014, Tom McAndrew, EVP, Coalfire Federal

    Welcome DIARMF!  This has been a long time coming. From DITSCAP to DIACAP and now to DIARMF the Department of Defense approved the transition to a Risk Management Framework (RMF) approach developed by NIST on March 12.

    What does this mean for Information Systems and Platform Information Technology that are already authorized or in the authorization process? While there are many details affecting DoD Unified Capabilities, Cryptography Trusted Platform Module and Cybersecurity Reciprocity…the broad instruction is explained below.

    Posted in: diacap, diarmf, DoD, federal | 0 Comments

  • University Data Breaches Pose Threat to Students, Academic Openness

    April 02, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist

    North Dakota State University administrators confirmed last week that hackers never accessed the personal information of more than 200,000 students, faculty and staff housed on the server they successfully infiltrated. This attack perfectly suits the modern hacker’s MO. They attack open systems wherever they can find them. Just like predators on the African plains, they ignore the strong and well-protected, instead going after the weak and the old. Once one system is compromised, hackers can use it to vector into others, as they did in the recent breach at Target.

    Posted in: Ed, GRC, Higher | 0 Comments
