Post Archive
Tags
2.0 3.0 Agency Assessment assessments audit Breach BYOD cloud Compliance Cyber cybersecurity Data DRG DSS e-banking encryption engineering federal FedRAMP FISMA forensics government GRC hacker hacking Health Healthcare HIMSS HIPAA HITECH IT labs legislation merchant mobile Navis News NRF P2PE PA-DSS password passwords Payments PCI penetration pentesting policy Privacy program Retail Risk RSA security security. Self-Assessment social State test Testing Virtualization web

The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including RetailFinancial Services, Healthcare, Higher Education, Software, Government and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

  • PCI DSS 3.0 Is Coming Soon

    May 13, 2013, Matt Getzelman, PCI Practice Director

    Matt Getzelman

    The PCI Security Standards Council (SSC) plans on releasing the newest version of the PCI Data Security Standard in October, 2013.  Predictably, the PCI SSC has been tight-lipped on divulging details regarding any expected changes. Read More

    Posted in: 2.0, 3.0, DSS, PCI, risk | 0 Comments

  • Compliance Talk: Debt Collectors and PCI

    May 06, 2013, Ken Ballard,

    Ken Ballard

    As the largest IT audit and compliance advisor in the U.S., Coalfire is exposed to a wide variety of compliance concerns.  In this series of Compliance Talk blogs, Dirk and Ken are back at their favorite coffee shop…the Bean and Berry in Louisville, Colorado.   Over a couple cappuccinos, their discussion turned to some of the unique aspects, when it comes to data security, of debt collection companies. Read More

    Posted in: Risk | 0 Comments

  • Getting Your Databases Audit Ready

    April 04, 2013, Rick Link,

    Rick Link

    Your database is perhaps one of the most sensitive targets for cybercriminals as they are your company’s primary repository for confidential and proprietary data. Besides knowing what vulnerabilities exist for your perimeter network and also for your internal systems, best practices require you to manage and protect your databases from unauthorized access, whether intentional or otherwise. Read More

    Posted in: audit, Data, Risk | 0 Comments

  • Information Governance: Get Data Classification Right First

    March 21, 2013, Dirk Anderson, Managing Director, Professional Services

    Dirk Anderson

    Data classification is one of the most crucial elements of an effective information governance process—yet it’s also one that many companies fail to implement well. In its simplest terms, data classification is the process of categorizing data based on its level of sensitivity. When done properly, the classification of data helps a company determine the most appropriate level of safeguards and controls that need to be in place. Read More

    Posted in: Risk | 0 Comments

  • War on Passwords? Check with Your QSA First!

    March 14, 2013, Matt Getzelman, PCI Practice Director

    Matt Getzelman

    Passwords have long been the workhorse of user authentication schemes, and many security experts are speaking out on the need for more effective controls. It seems like hardly a week goes by when we don’t see a password breach in the news. Read More

    Posted in: passwords, PCI, Risk, security | 0 Comments

    • Displaying results 1-5 (of 8)
     |<  < 1 - 2  >  >|