The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

  • Humans Are the Weakest Link in Security

    July 17, 2018, Mike Weber, Vice President, Coalfire Labs

    In our recent analysis of penetration testing engagements contained in our Penetration Risk Report, we discuss the impact that social engineering, specifically phishing, has on the ability to allow attackers insider access to compromise an organization.

  • Transitioning to the New SOC 2 Criteria – What You Need to Know

    July 13, 2018, Jeff Cook, Principal, SOC Practice, Coalfire

    SOC 2 has seen quite a few changes in the past year in how reports must be presented going forward. The American Institute of Certified Public Accountants (AICPA) replaced the old SSAE 16 standard with SSAE 18, released the 2017 Trust Services Criteria, the new Description Criteria (DC-200), and a new SOC 2 Guide. That’s a lot of change in a small amount of time! Many of these changes will help clarify reports and make SOC examinations stronger; Coalfire is here to help you navigate the changes and understand how they will affect your reporting.

  • NIST SP 800-171A Assessment: Finalized Assessment Objectives Foster a Roadmap to Compliance

    July 13, 2018, Mandy Pote, Senior Consultant, Cyber Risk Services, Coalfire

    On June 13, 2018, NIST formally released their Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). This publication provides organizations with an assessment methodology to evaluate their compliance with the CUI security requirements defined in NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, which went into effect on December 31, 2017.

  • Expanded Privacy Protections Granted to California Residents: The California Consumer Protection Act

    July 11, 2018, Lisa Gumbs, Senior Consultant, Commercial Services, GDPR, Coalfire

    In late June, California passed a new consumer privacy law—the California Consumer Privacy Act (CCPA). This statute provides protections to California residents, but it will also have wide-ranging effects outside of California, since it applies to organizations that conduct business in California. The CCPA, which goes into effect on January 1, 2020, will be the broadest privacy law in the United States, granting more protections to personal data than any current privacy statute.

  • Incident Response: Do Your Vendor Contracts Have Claws (for Liability)?

    July 09, 2018, Doug Hudson, Senior Director, Cyber Risk Advisory, Coalfire

    In previous blogs, we’ve discussed some of the struggles organizations have when responding to cyber incidents. For many, it is the recovery aspect, and specifically vendor liability for the data or privacy breach, that raises the most questions. In trying to assign liability, the obvious place to start is the contract with the vendor. Generally, vendor contract language limits liability to some small percentage of the contract value, and most contracts have limitation-of-liability clauses that completely remove vendor liability for damages even if the vendor is negligent in its implementation of the product or service.
