• Accelerate Your Path to Cloud Compliance

    March 30, 2020, Adam Kerns, Managing Principal, Commercial Services: Product Development, Coalfire

    It's no secret that the principles, controls, and terminology associated with compliance can be a confusing alphabet soup that hinders an organization's ability to go-to-market and expand its customer base. The difficulties in meeting compliance objectives are not limited to organization size or types. Most (if not all) organizations struggle to integrate compliance requirements into their existing workloads and systems.

    Read more
  • COVID-19 Incites Crimes of Opportunity

    March 24, 2020, Mike Weber, Vice President, Coalfire Labs

    Cybercriminals don't care that you're worried about a global pandemic. They are opportunistic, and we should expect them to take advantage of COVID-19 in a variety of creative ways. With our economy essentially shut down and one in five Americans ordered to stay home, millions of people are less mobile and will ultimately spend more time than ever on the internet. The good news is that people may be less vulnerable to the cyber threats that abound due to this reduced mobile, but there are plenty of ways to target people, and the latest crisis provides ample fodder to start with.

    Read more
  • Keeping Privacy Afloat During a Pandemic

    March 20, 2020, Chalice Beam, Senior Manager, Health & Life Sciences, Coalfire

    The world is navigating uncharted digital waters and facing evolving challenges to maintain patient privacy. Protected Health Information (PHI) is a ship sailing in a sea of digital risks and vulnerabilities. Humans wreak havoc at every turn – not always intentionally – and actions during times of uncertainty will have long-term effects. Read more
  • Aligning Enterprise Cyber Risk and Business Strategy

    March 19, 2020, Doug Hudson, Senior Director, Cyber Risk Advisory, Coalfire

    Most business leaders have a contextual awareness of cyber risk and the threats facing their organizations. However, this contextual awareness rarely contributes to a clear, consolidated directive that can be applied across the organizations. Further, many organizations struggle to align their cyber risk management initiatives and their organization’s business strategies. This creates operational friction between those responsible for managing enterprise cyber risk and the business leaders’ goal of expanding their market presence, maintaining revenue streams, and developing new products and services. What is needed is an approach that aligns enterprise cyber risk and business strategy in a way that communicates how cyber risk can enable the business to expand its markets, protect revenue streams, and securely develop and deploy new products and services.

    Read more
  • The Basics of Exploit Development 2: SEH Overflows

    March 13, 2020, Andy Bowden, Consultant, Coalfire Labs

    In this article we will be writing an exploit for a 32-bit Windows application vulnerable to Structured Exception Handler (SEH) overflows. While this type of exploit has been around for a long time, it is still applicable to modern systems.

    Read more
  • Third Party Risk Management and the Cloud

    March 11, 2020, Michael Reiter, Director, Cyber Risk Advisory, Coalfire

    Security awareness and preparation are getting more widespread. Corporate boards and C-suite executives are taking Third-Party Risk Management (TPRM) more seriously as they see what has happened to other enterprises in the not-so-distant past. I am speaking primarily of the top-level enterprises, but even smaller companies and less tech-oriented companies often have a hard time securing their infrastructure. If you are a widget supplier with a hundred employees, it’s hard—maybe impossible—to dedicate a full-time resource to things like patching, firewalls, identity and access management, and intrusion detection and incident response. The money just isn’t there.

    Read more
  • Quality is Job One When it Comes to the HITRUST CSF Assurance Program

    March 02, 2020, Zach Shales, Principal, Healthcare Certification, Coalfire

    The HITRUST CSF® remains an essential security and privacy controls framework that addresses the multitude of security, privacy, and regulatory challenges facing both public and private sector organizations. As framework adoption increases across all industries, maintaining integrity is crucial, and continuous improvement should always be top of mind with any endeavor. This was HITRUST’s clear intent when they announced the formation of an Assessor Council back in 2016 and a Quality Subcommittee in 2017. Read more

Recent Posts

Post Topics

Archives

Tags

2.0 3.0 access Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff cloud CoalfireOne Compliance Covid-19 credit cards C-Store Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Ed Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi wireless women XSS
Top