The Coalfire Blog
Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.
The Coalfire blog is written by the company's leadership team and our highly credentialed security assessment experts. We look forward to your comments, so please join the conversation.
Getting Your Databases Audit Ready
April 04, 2013, Rick Link
Your databases are perhaps the most sensitive targets for cybercriminals, because they are your company's primary repository for confidential and proprietary data. Beyond knowing what vulnerabilities exist on your perimeter network and on your internal systems, best practice requires you to manage and protect your databases from unauthorized access, whether intentional or accidental.
Posted in: audit, Data, Risk
Information Governance: Get Data Classification Right First
March 21, 2013, Dirk Anderson, Managing Director, Professional Services
Data classification is one of the most crucial elements of an effective information governance process, yet it's also one that many companies fail to implement well. In its simplest terms, data classification is the process of categorizing data based on its level of sensitivity. When done properly, the classification of data helps a company determine the most appropriate level of safeguards and controls that need to be in place.
Posted in: Risk
War on Passwords? Check with Your QSA First!
March 14, 2013, Matt Getzelman, PCI Practice Director
Passwords have long been the workhorse of user authentication schemes, and many security experts are speaking out on the need for more effective controls. It seems like hardly a week goes by when we don't see a password breach in the news.
Posted in: passwords, PCI, Risk, security
Whether you are a large or small business, beware of these 5 common security problems
March 11, 2013, Mike Weber, Managing Director, Coalfire Labs
Every January the trade press is full of new-year's-resolution-style advice on things to do in the coming year; even Coalfire made a few predictions for 2013. I work at Coalfire Labs, and since our business is IT security and testing, we want to share some advice on how to keep your systems and accounts from being breached. While larger companies may feel they can skip some of these steps and still remain safe, TJX, the parent company of T.J. Maxx and Marshalls, learned the hard way the damage a breach can cause: information from up to tens of millions of credit and debit cards was stolen, and getting the problem under control cost TJX millions of dollars. With this in mind, here is a list of five mistakes companies are prone to make, and ways to avoid their consequences.
Posted in: forensics, Labs, password, security, test, Testing
Creative Ideas for Replacing Passwords
March 08, 2013, Mike Weber, Managing Director, Coalfire Labs
Passwords have been the de facto means of securing IT systems. They have a bad reputation, but it's not the passwords themselves that deserve it; it's the people using them and the weak standards by which these passwords are managed. In fact, a password system implemented in a secure manner, with long, complex passwords that change periodically, can be (virtually) uncrackable. However, a typical user isn't apt to embrace a system that requires 15 characters or more (including numbers, upper and lower case, and special characters) and a change every two to four weeks.
Posted in: forensics, Labs, password, security, test