The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • The Future of Healthcare Cybersecurity: The Best Defense is a Good Offense

    March 20, 2015, Andrew Hicks, Director, Healthcare Practice Lead

    In the last five years with the increasing digitalization of health information, healthcare security breaches have increased four-fold with the industry experiencing more breaches than any other in 2013. With a large number of potential targets and the high value of personal medical information on the black market, healthcare organizations will continue to be more appealing targets.

  • COSO Framework for Service Organizations and SOC Reporting (Part 2 of 3)

    March 06, 2015, Jamie Kilcoyne, Managing Director Coalfire Controls

    Every SOC report (whether it is a SOC 1, SOC 2 or SOC 3) should include information about the service organization’s risk assessment process.  Risk assessment can take many forms and there is no “one size fits all” format.  Risk assessment is intended to be an evolutionary process, designed to meet the specific needs of individual companies.

  • COSO Framework for Service Organizations and SOC Reporting (Part 1 of 3)

    February 24, 2015, Jamie Kilcoyne, Managing Director Coalfire Controls

    One of the most important reference tools that companies use to establish and evaluate their internal controls is the Committee of Sponsoring Organizations' (COSO) Internal Control - Integrated Framework.  Initially published in 1992 (the 1992 Framework), the COSO framework has been the most widely used model for internal control for the past 20 years.

  • What does PCI DSS 3.1 and PA-DSS 3.1 mean for you and your organization

    February 19, 2015, Matt Getzelman, PCI Practice Director

    In the wake of the POODLE vulnerability identified by NIST and subsequent attacks, the PCI SSC has announced its intent to release the first revision of the PCI DSS 3.0 and PA-DSS 3.0 standards. The PCI DSS 3.1 and PA-DSS 3.1 standards will indicate that the SSL v3.0 protocol no longer meets the PCI SSC’s definition of “Strong Encryption” and this will have immediate impact to several existing requirements.  However, one key point from the announcement should be highlighted:

  • Emerging Payment Technologies and Due Diligence: A Warning about “Silver Bullets”

    February 09, 2015, Matt Getzelman, PCI Practice Director

    2015 will be an exciting year for the payments industry, especially for merchants that now have a number of new payment technologies at their disposal.  Emerging payment technologies such as Point-to-Point-Encryption (P2PE), Tokenization, EMV/Chip and Signature and Mobile Payment Acceptance are hitting the market globally and all of them can help reduce the risk of cardholder data compromise as well as potentially impact the compliance posture of merchants that choose to adopt them.

