The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Automating Incident Prevention and Response in AWS

    October 22, 2018, AJ Yawn, Principal, SOC Practice, Coalfire

    Information security incidents can result in reputational damage, financial losses, or a loss of system functionality for organizations at any time. Because threats and attack vectors are growing rapidly, organizations must prepare to respond to incidents in real time. The incident response (IR) process must be able to detect common attack vectors and common misconfigurations that could potentially lead to an incident. Effective IR is vital to the security of any organization and is also a critical process that is evaluated when undergoing the following compliance assessments: FedRAMP, SOC & SSAE 18, ISO, HITRUST, PCI-DSS, among others.

    Read more
  • Coalfire Teams with Healthcare and Public Health Sector Coordinating Council (HSCC) for Fall Summit

    October 18, 2018, Rich Curtiss, Principal, Healthcare Risk Assurance Services

    The Department of Homeland Security (DHS) charged the Healthcare and Public Health Sector Coordinating Council (HSCC) with serving as a partnership between the private and public healthcare sectors. To that end, two unique councils were formed: The Healthcare and Public Health Government Coordinating Council (HGCC) was established by presidential directive to sustain the essential functions of the nation’s healthcare and public health system; the HSCC is a companion council established by presidential directive as a private sector counterpart with similar mission objectives. A key difference between the two is the HSCC is a purely voluntary organization whose membership is solicited to provide influence and expertise within the healthcare industry.

    Read more
  • What You Need to Know from the North American PCI Community Meetings

    October 05, 2018, Dan Fritsche, Principal, Retail and Financial Services

    Too busy to attend the PCI Community Meetings this year? Coalfire has you covered with the top 6 things you need to know from the most important annual payments conference in the world.

    Read more
  • IoT Adventures: The LeFun WiFi Camera

    October 03, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    Recently I happened to be in the market for a baby monitor, so I decided to search Amazon for an affordable device that would fit my needs. A search for “baby monitor” within the “electronics” department brought me to the LeFun WiFi Camera. For $39.99 (at the time of my purchase), this seemed like it could be a good deal. Knowing the reputation of Internet of Things (IoT) devices, I was curious about its security. This was addressed in the product description with the guarantee that when I connect to any device, it will be via a “secure and safe network” and will be secured with “financial-level encryption.” It also boasts that they are “CE, FCC, and RoHS certified,” which is good, despite those certifications only dealing with safety and not information security.

    Read more
  • Waiting, Waiting, Waiting... Is There a Right Time for Breach Notification?

    September 28, 2018, Andrew Brosman, Consultant, Cyber Risk Advisory

    Recently, a popular online retailer revealed a month-long data breach. Card-skimming code was found capturing customer credit card data from the payment page of its website and sending that data to what appeared to be a legitimate server (with a similar domain name and a valid HTTPS certificate). The company has not yet determined which customer accounts may have been affected, so the extent of the damage is yet to be determined.

    Read more
  • Displaying results 1-5 (of 318)
     |<  < 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics

Archives

Tags