The Coalfire Blog
Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.
The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.
Coalfire Acquires Digital Resources Group in California
May 10, 2012, Rick Dakin, CEO, Co-founder and Chief Security Strategist
We have reached a new milestone at Coalfire and have announced the recent acquisition of privately held Digital Resources Group (DRG) in Redwood City, California. We are excited about our latest venture as it consolidates our leadership position within the IT Governance Risk and Compliance (IT GRC) services industry. As we continue to grow, acquisitions such as this will help us gain new staff, clients, skills and additional geographical presence enabling Coalfire to continue to provide top-notch services. Read More
Posted in: DRG | 0 Comments
FISMA vs FedRAMP: Compliance requirement differences
May 03, 2012, Tom McAndrew, EVP, Coalfire Federal
Organizations that work with, or want to work with, government agencies must manage to government compliance regulations. Almost everyone is familiar with the FISMA compliance standards, but with the announcement of FedRAMP, which provides a structure to manage compliance requirements for "a cloud first initiative" for government agencies and organizations working with them, there’s a new set of compliance requirements to adhere to. Or is there? Read More
Posted in: assessments, compliance, federal, FedRAMP, FISMA | 0 Comments
The hackerproof password? Tips and advice on password management
May 02, 2012, Kennet Westby, President and COO
Having some security expert tell you that you should be creating strong passwords that are unique per account and change frequently is like your dentist telling you that you should floss morning, night and after consuming any dentally dangerous foods. The majority of us say, “yeah right”. The truth is that you really must do better than what the average person is doing today. In our penetration testing and forensics practices we constantly discover, usually very intelligent, people using the same weak password or PIN across every account without ever changing them. Read More
Posted in: forensics, password, security | 0 Comments
Surprises Ahead for Some Level 2 Merchants
April 12, 2012, Chris Lietz, Vice President, Marketing & Channels
The PCI DSS has been around for years, and most PCI “pro’s” are familiar with the processes needed to validate compliance. However, insiders often forget that small changes to the guidelines can have a big impact on merchants.
One such change is upon us: MasterCard’s new validation guidelines for Level 2 merchants that are scheduled to take effect on June 30, 2012. Read More
Posted in: compliance, merchant, pci | 0 Comments
Mobile Banking Malware: Protect Your Finances
April 02, 2012, Mark Lucas, VP, Navis Services
The prolific rise in smartphones, tablets and other portable devices has greatly expanded the ways in which we interact with personal and professional services. The public can now singlehandedly use their mobile device to pay for things with the ease of flashing their cell phone. Unfortunately, this rapid expansion of convenience and service also expands the threats. Read More
Posted in: e-banking, mobile, PA-DSS | 0 Comments