The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find Coalfire's insights into the unique cybersecurity issues that affect the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • PCI DSS version 3.1 released!

    April 15, 2015, Matt Getzelman, PCI Practice Director

    As expected, a “minor” revision to the PCI DSS 3.0 standard (now version 3.1) was released by the PCI SSC today to address the weaknesses exposed by the POODLE attack on SSL 3.0 and the BEAST attack on TLS 1.0. PCI DSS 3.1 primarily addresses the insecure use of SSL and early TLS as encryption protocols within a Cardholder Data Environment (CDE). In response, the SSC has updated PCI DSS requirements 2.2.3, 2.3 and 4.1 to remove SSL and early TLS (TLS 1.0) from the examples of strong cryptography, so merchants and service providers will need to confirm that in-scope systems no longer negotiate those protocol versions.
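The practical follow-up to that requirement change is verifying that nothing in scope still answers an SSL 3.0 or early-TLS handshake. The script below is an added example for this post, not Coalfire's or the PCI SSC's tooling: it builds a raw ClientHello for one legacy version at a time (SSL 3.0, TLS 1.0, TLS 1.1), sends it, and classifies the server's first record. A ServerHello at the offered version means the protocol is still enabled; a `protocol_version` or `handshake_failure` alert, or a connection that is simply closed, means it is refused. The target host and port are command-line arguments (defaulting to `localhost:443`, an assumption for illustration), and the cipher-suite list is a representative set of what an SSL 3.0 / TLS 1.0 client would offer.

```python
"""Probe a TLS endpoint for SSL 3.0 / TLS 1.0 / TLS 1.1 support.

Added example: sends a hand-built ClientHello for one legacy protocol
version and reports whether the server accepted it (ServerHello at that
version), refused it with an alert, or closed the connection.
"""
import os
import socket
import struct
import sys

# Protocol versions as (major, minor) on the wire.
VERSIONS = {
    "SSLv3": (3, 0),
    "TLSv1.0": (3, 1),
    "TLSv1.1": (3, 2),
}
VERSION_NAMES = {v: k for k, v in VERSIONS.items()}

# Representative cipher suites an SSL 3.0 / TLS 1.0 client would offer.
# Any one of them is enough to learn whether the server answers at that version.
LEGACY_SUITES = [
    0xC014,  # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    0xC013,  # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    0x0035,  # TLS_RSA_WITH_AES_256_CBC_SHA
    0x002F,  # TLS_RSA_WITH_AES_128_CBC_SHA
    0x000A,  # TLS_RSA_WITH_3DES_EDE_CBC_SHA
    0x0005,  # TLS_RSA_WITH_RC4_128_SHA
]

# Alert descriptions a server typically sends when it refuses the version (RFC 5246 7.2).
ALERT_NAMES = {40: "handshake_failure", 70: "protocol_version", 86: "inappropriate_fallback"}


def build_client_hello(version, hostname=None):
    """Return one TLS record carrying a ClientHello for `version` (major, minor).

    SSL 3.0 predates extensions, so the SNI extension is only added for TLS 1.x.
    """
    major, minor = version
    body = bytes([major, minor])                    # client_version
    body += os.urandom(32)                          # random
    body += b"\x00"                                 # empty session_id
    suites = b"".join(struct.pack("!H", s) for s in LEGACY_SUITES)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                             # one compression method: null
    if hostname and version >= (3, 1):
        name = hostname.encode("idna")
        sni = b"\x00" + struct.pack("!H", len(name)) + name      # name_type host_name
        sni_list = struct.pack("!H", len(sni)) + sni
        ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # server_name extension
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    # Record header: content type handshake (0x16), version, length.
    return b"\x16" + bytes([major, minor]) + struct.pack("!H", len(handshake)) + handshake


def classify_response(data, offered):
    """Classify the first record a server sent in reply to a legacy ClientHello."""
    if not data:
        return "rejected: connection closed without a handshake"
    content_type = data[0]
    if content_type == 0x15 and len(data) >= 7:                       # alert record
        level, desc = data[5], data[6]
        level_name = "fatal" if level == 2 else "warning"
        return "rejected: %s alert %s (%d)" % (level_name, ALERT_NAMES.get(desc, "unknown"), desc)
    if content_type == 0x16 and len(data) >= 11 and data[5] == 0x02:  # handshake / server_hello
        negotiated = (data[9], data[10])                              # server_version
        name = VERSION_NAMES.get(negotiated, "version %d.%d" % negotiated)
        return "accepted: server negotiated %s" % name
    return "unexpected response (first byte 0x%02x)" % content_type


def probe(host, port, version, timeout=5.0):
    """Offer `version` to host:port and return the classification string."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(version, host))
        try:
            data = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""   # servers often just drop a refused handshake
    return classify_response(data, version)


if __name__ == "__main__":
    # Assumed defaults for illustration; pass the real CDE endpoint on the command line.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    for name, version in VERSIONS.items():
        print("%-8s %s" % (name, probe(target, port, version)))
```

Run it against each in-scope listener (not just the public web tier: management interfaces, load balancers and payment-gateway connections all count). Any line reading "accepted" for SSLv3 or TLSv1.0 is a finding under the updated requirements 2.2.3, 2.3 and 4.1; TLSv1.1 is reported as well because it is also early TLS under the SSC's definition, although the assessor will judge it on the cipher configuration behind it. Treat "connection closed" as refused only after confirming the endpoint accepts TLS 1.2 with a normal client, so that a firewall drop is not mistaken for a hardened server.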

  • Where is your social security number today?

    April 14, 2015, Leslie Kaniecki, CPA/CGMA

    As April 15 approaches, the “water cooler” talk revolves around all types of topics related to the tax season. However, because of the overwhelming number of security breaches reported this past year, many individuals are finding that fraudulent tax returns have been filed in their names using personal information they had provided to organizations that were later breached. You can take steps to prevent this.

  • Optimizing Credit Card Compliance (PCI) and SOC2 Service Provider Audits

    April 09, 2015, Carlos Pelaez, Director of Business Development

    With the number of breaches in the news, companies processing credit cards may be interested to know how much overlap there is between a PCI assessment and a SOC 2 service provider audit. PCI and SOC 2 are two compliance assessments that many service providers undergo. With a new third-party tool from the Unified Compliance Framework (UCF) called the Common Controls Hub, companies can identify the controls the two frameworks share and prepare for a combined, multi-compliance audit.

  • The Future of Healthcare Cybersecurity: The Best Defense is a Good Offense

    March 20, 2015, Andrew Hicks, Director, Healthcare Practice Lead

    In the last five years, with the increasing digitization of health information, healthcare security breaches have increased four-fold, and the industry experienced more breaches than any other in 2013. With a large number of potential targets and the high value of personal medical information on the black market, healthcare organizations will remain appealing targets.

  • COSO Framework for Service Organizations and SOC Reporting (Part 2 of 3)

    March 06, 2015, Jamie Kilcoyne, Managing Director Coalfire Controls

    Every SOC report (whether it is a SOC 1, SOC 2 or SOC 3) should include information about the service organization’s risk assessment process.  Risk assessment can take many forms and there is no “one size fits all” format.  Risk assessment is intended to be an evolutionary process, designed to meet the specific needs of individual companies.
