The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Lessons Learned from Equifax: You May Not Be as Secure as You Think

    September 19, 2017, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire

    (Part One of a Three Part Series)

    Unless you have been out of the country or otherwise shunning the news, you have likely heard that on September 7th and again on September 15th, Equifax reported that it suffered a security incident from May 13th through July 30th, 2017. This breach is broad reaching in its individual exposure and potential future impacts, having potentially exposed the personally identifiable information (PII) of roughly 143 million U.S. consumers, including names, Social Security numbers, birth dates and, in some instances, drivers’ license numbers. The company also reported losses related to consumer credit card data, PII on dispute documents and limited PII for certain U.K. and Canadian residents.

    Read more
  • Blueborne – Don’t Panic!

    September 12, 2017, Communications Team, Coalfire

    Here is what we know right now: Security company Armis recently released research identifying eight newly discovered vulnerabilities that exist in the wireless communications protocol Bluetooth, which could potentially affect a large percentage of the estimated 8.2 billion Bluetooth enabled devices, including laptops, mobile phones, and other IoT devices.

    Read more
  • How to Address Major Gaps in Third-Party Risk Management Programs

    September 05, 2017, Mike Stankiewicz, CISSP, CRISC, Senior Consultant, Healthcare, Coalfire

    While securing the organizational environment, it’s easy to focus on the enterprise assets without thinking as much about the vendor ecosystem. However, that extended ecosystem and how it interacts with the organization is a potential significant risk if not secured properly.

    Read more
  • Forensically Imaging a Microsoft Surface Pro 4

    August 29, 2017, Robert Meekins, Director, Forensics, Coalfire

    Working on digital forensics can sometimes create some challenging situations. Recently, we received a couple of Microsoft Surface Pro tablets to image and analyze. Having conducted forensics for a while, I realized that, depending on the version, imaging this tablet could be a challenge. Some setbacks normally associated with Surface tablets include not being able to remove the hard drive, the inability to place the device in target mode, and the hardware being very finicky about what OS can and cannot boot. Ultimately, the challenge comes down to having to use the tablet itself to perform the image, and the only option for input is a single USB port.

    Read more
  • FedRAMP JAB Business Case extended

    August 22, 2017, Abel Sussman , Director, TAAS – Public Sector and Cyber Risk Advisory

    The FedRAMP Business Case for being considered for this cycle of the Joint Authorization Board (JAB) has been pushed out to August 31 at 5:00pm eastern. The additional time is to accommodate the large number of requests to document demand verification. Earlier the JAB has stated that federal demand across the U.S. government is the primary selection criteria for cloud service providers to be selected. This demand can be shown in current customers, on premise customers interested in a cloud offering, and potential customers documented through RFI/RFPs.

    Read more
  • Displaying results 1-5 (of 241)
     |<  < 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics

Archives

RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)

Tags