The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Google Cloud NEXT '18: A Growing Event with Much to Offer

    August 09, 2018, Dan Stocker, Practice Director, Payments, Cloud & Tech

    If you want to learn what's up and coming for Google Cloud and make some great connections, Google Cloud NEXT is an informative, lively event to prioritize on your conference calendar. Coalfire attended the recent Google Cloud NEXT '18 conference in San Francisco (July 24-27) and found it to be a good venue to meet existing customers, make new contacts, and attend informative technical sessions. This is the second year for Google Cloud's conference, and it proved to be a platform for many product and feature announcements while conveying a strong security theme. In addition to the many technical talks on security topics, Google Cloud made several important service announcements related to security; this blog post will review a few of the more noteworthy topics.

    Read more
  • Our Analysis: Gartner’s Hype Cycle for Risk Management, 2018

    August 08, 2018, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire

    For those of us charged with managing cyber risk as well as planning and budgeting for cybersecurity, the Gartner “Hype Cycle for Risk Management, 2018” provides some helpful perspectives that are useful in setting both priorities and expectations.

    Read more
  • Humans Are the Weakest Link in Security

    July 17, 2018, Mike Weber, Vice President, Coalfire Labs

    In our recent analysis of penetration testing engagements contained in our Penetration Risk Report, we discuss the impact that social engineering, specifically phishing, has on the ability to allow attackers insider access to compromise an organization.

    Read more
  • Transitioning to the New SOC 2 Criteria – What You Need to Know

    July 13, 2018, Jeff Cook, Principal, SOC Practice, Coalfire

    SOC 2 has seen quite a few changes in the past year in how reports must be presented in the future. The American Institute of Certified Public Accountants (AICPA) replaced the old SSAE 16 standard with SSAE 18, released the 2017 Trust Services Criteria, the new Description Criteria (DC-200), and a new SOC 2 Guide. That’s a lot of change in a small amount of time! Many of these changes will help clarify reports and make SOC examinations stronger; Coalfire is here to help you navigate the changes and understand how it will affect your reporting.

    Read more
  • NIST SP 800-171A Assessment: Finalized Assessment Objectives Foster a Roadmap to Compliance

    July 13, 2018, Mandy Pote, Senior Consultant, Cyber Risk Services, Coalfire

    On June 13, 2018, NIST formally released their Special Publication (SP) 800-171A, Assessing Security Requirements Controlled Unclassified Information (CUI).This publication provides organizations with an assessment methodology to evaluate their compliance with the CUI security requirements defined in NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, which went into effect on December 31, 2017.

    Read more
  • Displaying results 21-25 (of 325)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics

Archives

Tags

2.0 3.0 access Agency AICPA Assessment assessments audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act Chertoff cloud CoalfireOne Compliance credit cards C-Store Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Ed Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA Safe Harbor scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi wireless women XSS