The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

  • New National Exam Program Risk Alert

    April 24, 2014, Justin Orcutt, Regional Sales Manager

    In case you missed the most recent National Exam Program Risk Alert, you might want to head over to their website and determine what this may mean for you and your company. Since this may be a topic at your next board meeting, you should be prepared to answer any potential questions. Your board will want to know the status and effectiveness of your cybersecurity because the SEC will now be conducting examinations of more than 50 registered broker-dealers and registered investment advisers. 

  • Heartbleed – When Will the Next Shoe Drop?

    April 22, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist

    Last week, while I was in the offices of one of our customers, a long-present but little-known vulnerability in OpenSSL became public knowledge. Our client detected it early and made the necessary patches and updates. The systems deployed by their customers are now secure. Consumers will change their passwords, and credentials stolen prior to the Heartbleed fixes will be worthless.
  • The Top 3 Security Issues in Federal Cloud Computing

    April 17, 2014, Rob Barnes, Director, Federal Practice

    A journalist recently asked me for my top three pressing concerns related to Federal cloud security. Here are a few points I had to offer up.

  • Heartbleed Vulnerability Bug: What You Need to Know

    April 10, 2014, Mike Weber, Vice President, Coalfire Labs

    The widely publicized Heartbleed bug (http://heartbleed.com/) may be impacting as many as 500,000 systems across the Internet. Heartbleed is the name of a vulnerability in the OpenSSL program that powers encrypted communication to many of the world's web sites and private networks. Below you will find out who is affected, what the workarounds are and how Coalfire can help.

  • SEC Roundtable

    April 04, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist

    On Wednesday, I attended a roundtable discussion the Securities and Exchange Commission held to gather information on cybersecurity trends and potential disclosure requirements for regulated public companies and stock exchanges.

  • DoD DIACAP transition to RMF approved

    April 03, 2014, Tom McAndrew, EVP Commercial Services, Coalfire

    Welcome DIARMF! This has been a long time coming. From DITSCAP to DIACAP and now to DIARMF, the Department of Defense approved the transition to a Risk Management Framework (RMF) approach developed by NIST on March 12.

    What does this mean for Information Systems and Platform Information Technology that are already authorized or in the authorization process? While there are many details affecting DoD Unified Capabilities, Cryptography Trusted Platform Module and Cybersecurity Reciprocity…the broad instruction is explained below.

  • University Data Breaches Pose Threat to Students, Academic Openness

    April 02, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist

    North Dakota State University administrators confirmed last week that hackers never accessed the personal information of more than 200,000 students, faculty and staff housed on the server they successfully infiltrated. This attack perfectly suits the modern hacker’s MO. They attack open systems wherever they can find them. Just like predators on the African plains, they ignore the strong and well-protected, instead going after the weak and the old. Once one system is compromised, hackers can use it to vector into others, as they did in the recent breach at Target.

  • It wasn't raining when Noah built the ark

    April 01, 2014, Craig Billado, Forensic Analyst, Coalfire Labs

    This month movie-goers around the world will flock (possibly two-by-two) to see Darren Aronofsky’s ‘Noah’—a silver-screen adaptation of the timeless biblical story, starring Russell Crowe and Jennifer Connelly. Whether one interprets the flood narrative literally or figuratively, this fact remains: the time to prepare for disaster is not after the fact but beforehand. This is true whether the calamity is divine or human in origin.

  • HIPAA Compliance: A Demanding Effort Yielding Deserved Benefits

    April 01, 2014, Gerald Drake III, IT Security Consultant

    The heat is on!  Compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has never been more scrutinized and highly regarded.  The push towards compliance has fueled businesses large and small to explore the options and necessary requirements of HIPAA compliance.  Specifically, any organization that meets the HIPAA definition of a covered entity or business associate is subject to and under the HIPAA compliance umbrella, regardless of how far removed they are from the point of treatment, and is subject to audit, fines, and penalties in the event of a breach.

