The Coalfire Blog
Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.
The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.
The Top 3 Security Issues in Federal Cloud Computing
April 17, 2014, Rob Barnes, Director, Federal Practice
A journalist recently asked me for my top three pressing concerns related to Federal cloud security. Here are a few points I had to offer up.
Posted in: cloud, cybersecurity, education, federal, government, security
Heartbleed Vulnerability Bug: What You Need to Know
April 10, 2014, Mike Weber, Managing Director, Coalfire Labs
The widely publicized Heartbleed bug (http://heartbleed.com/) may be impacting as many as 500,000 systems across the Internet. Heartbleed is the name of a vulnerability in the OpenSSL program that powers encrypted communication to many of the world's web sites and private networks. Below you will find out who is affected, what the workarounds are and how Coalfire can help.
Posted in: breach, forensics, heartbleed, labs, vulnerability
April 04, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist
On Wednesday, I attended a roundtable discussion the Securities and Exchange Commission held to gather information on cybersecurity trends and potential disclosure requirements for regulated public companies and stock exchanges.
Posted in: GRC, Risk
DoD DIACAP transition to RMF approved
April 03, 2014, Tom McAndrew, EVP, Coalfire Federal
Welcome DIARMF! This has been a long time coming. From DITSCAP to DIACAP and now to DIARMF: on March 12, the Department of Defense approved the transition to a Risk Management Framework (RMF) approach developed by NIST.
What does this mean for Information Systems and Platform Information Technology that are already authorized or in the authorization process? While there are many details affecting DoD Unified Capabilities, Cryptography Trusted Platform Module and Cybersecurity Reciprocity…the broad instruction is explained below.
Posted in: diacap, diarmf, DoD, federal
University Data Breaches Pose Threat to Students, Academic Openness
April 02, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist
North Dakota State University administrators confirmed last week that hackers never accessed the personal information of more than 200,000 students, faculty and staff housed on the server they successfully infiltrated. This attack perfectly suits the modern hacker’s MO. They attack open systems wherever they can find them. Just like predators on the African plains, they ignore the strong and well-protected, instead going after the weak and the old. Once one system is compromised, hackers can use it to vector into others, as they did in the recent breach at Target.
Posted in: Ed, GRC, Higher