The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Google Cloud NEXT '18: A Growing Event with Much to Offer

    August 09, 2018, Dan Stocker, Practice Director, Payments, Cloud & Tech

    If you want to learn what's up and coming for Google Cloud and make some great connections, Google Cloud NEXT is an informative, lively event to prioritize on your conference calendar. Coalfire attended the recent Google Cloud NEXT '18 conference in San Francisco (July 24-27) and found it to be a good venue to meet existing customers, make new contacts, and attend informative technical sessions. This is the second year for Google Cloud's conference, and it proved to be a platform for many product and feature announcements while conveying a strong security theme. In addition to the many technical talks on security topics, Google Cloud made several important service announcements related to security; this blog post will review a few of the more noteworthy topics.

  • Our Analysis: Gartner’s Hype Cycle for Risk Management, 2018

    August 08, 2018, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire

    For those of us charged with managing cyber risk as well as planning and budgeting for cybersecurity, the Gartner “Hype Cycle for Risk Management, 2018” provides perspectives that are useful in setting both priorities and expectations.

  • Humans Are the Weakest Link in Security

    July 17, 2018, Mike Weber, Vice President, Coalfire Labs

    In our recent analysis of penetration testing engagements contained in our Penetration Risk Report, we discuss the impact that social engineering, specifically phishing, has in giving attackers the insider access they need to compromise an organization.

  • Transitioning to the New SOC 2 Criteria – What You Need to Know

    July 13, 2018, Jeff Cook, Principal, SOC Practice, Coalfire

    SOC 2 has seen quite a few changes in the past year in how reports must be presented in the future. The American Institute of Certified Public Accountants (AICPA) replaced the old SSAE 16 standard with SSAE 18 and released the 2017 Trust Services Criteria, the new Description Criteria (DC-200), and a new SOC 2 Guide. That’s a lot of change in a small amount of time! Many of these changes will help clarify reports and make SOC examinations stronger; Coalfire is here to help you navigate the changes and understand how they will affect your reporting.

  • NIST SP 800-171A Assessment: Finalized Assessment Objectives Foster a Roadmap to Compliance

    July 13, 2018, Mandy Pote, Senior Consultant, Cyber Risk Services, Coalfire

    On June 13, 2018, NIST formally released its Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). This publication provides organizations with an assessment methodology to evaluate their compliance with the CUI security requirements defined in NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, which went into effect on December 31, 2017.
