The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.


  • Keeping Privacy Afloat During a Pandemic

    March, 2020, Chalice Beam, Senior Manager, Health & Life Sciences, Coalfire

    The world is navigating uncharted digital waters and facing evolving challenges to maintain patient privacy. Protected Health Information (PHI) is a ship sailing in a sea of digital risks and vulnerabilities. Humans wreak havoc at every turn – not always intentionally – and actions during times of uncertainty will have long-term effects. Read more
  • Aligning Enterprise Cyber Risk and Business Strategy

    March, 2020, Doug Hudson, Senior Director, Cyber Risk Advisory, Coalfire

    Most business leaders have a contextual awareness of cyber risk and the threats facing their organizations. However, this contextual awareness rarely contributes to a clear, consolidated directive that can be applied across the organizations. Further, many organizations struggle to align their cyber risk management initiatives and their organization’s business strategies. This creates operational friction between those responsible for managing enterprise cyber risk and the business leaders’ goal of expanding their market presence, maintaining revenue streams, and developing new products and services. What is needed is an approach that aligns enterprise cyber risk and business strategy in a way that communicates how cyber risk can enable the business to expand its markets, protect revenue streams, and securely develop and deploy new products and services.

    Read more
  • The Basics of Exploit Development 2: SEH Overflows

    March, 2020, Andy Bowden, Consultant, Coalfire Labs

    In this article we will be writing an exploit for a 32-bit Windows application vulnerable to Structured Exception Handler (SEH) overflows. While this type of exploit has been around for a long time, it is still applicable to modern systems.

    Read more
  • Third Party Risk Management and the Cloud

    March, 2020, Michael Reiter, Director, Cyber Risk Advisory, Coalfire

    Security awareness and preparation are getting more widespread. Corporate boards and C-suite executives are taking Third-Party Risk Management (TPRM) more seriously as they see what has happened to other enterprises in the not-so-distant past. I am speaking primarily of the top-level enterprises, but even smaller companies and less tech-oriented companies often have a hard time securing their infrastructure. If you are a widget supplier with a hundred employees, it’s hard—maybe impossible—to dedicate a full-time resource to things like patching, firewalls, identity and access management, and intrusion detection and incident response. The money just isn’t there.

    Read more
  • Quality is Job One When it Comes to the HITRUST CSF Assurance Program

    March, 2020, Zach Shales, Principal, Healthcare Certification, Coalfire

    The HITRUST CSF® remains an essential security and privacy controls framework that addresses the multitude of security, privacy, and regulatory challenges facing both public and private sector organizations. As framework adoption increases across all industries, maintaining integrity is crucial, and continuous improvement should always be top of mind with any endeavor. This was HITRUST’s clear intent when they announced the formation of an Assessor Council back in 2016 and a Quality Subcommittee in 2017. Read more
  • Displaying results 11-15 (of 384)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics

Archives

Tags

Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff cloud CoalfireOne Compliance Covid-19 credit cards C-Store Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi women XSS
Top