RSA 2012: Mobile, Cloud, and Intelligent Control
March 02, 2012, Rick Norman, Director, Professional Services
It was good to catch up with our customers and partners at RSA 2012 this week. Much of the buzz this year was around mobile devices and securing the cloud. We were glad to see innovative organizations introducing compliance-validated architectures based on these emerging technologies. One such organization was Hewlett-Packard, a Coalfire client and business partner.
Formalized IT Security Policy Now Required for Government Prime and Sub-contractors
January 20, 2012, Alan Ferguson, Executive VP, Sales and Marketing, Co-founder
This month the GSA announced an IT security mandate for government prime- and sub-contractors that requires them to have a formalized IT security plan that includes periodic audits. Many government sub-contractors, large and small, will benefit from a third-party compliance program review: it lets them meet the intent of the rule and, more importantly, promote an IT risk audit as a benefit to their customer base in their business development efforts. There are a large number of sub-contractors, including IT service providers, that will need to comply with this new mandate.
Phishing Season: Spam on the rise
September 01, 2011, Mike Weber, Vice President, Coalfire Labs
Within the past two weeks there have been several reports on the increase in email spam, which can be directly correlated to an increase in phishing schemes and malware attacks. These attacks are frequently being delivered under the guise of legitimate business: they come in the form of shipment confirmations, credit card statements, and IRS alerts. They all request swift action to click a link or to read an attachment to address some pressing issue.
New Guidelines Address PCI DSS Tokenization
August 19, 2011, Bruce DeYoung,
“Tokenization” is one of the best techniques to reduce the risk of credit card data loss. Basically, it is the process of substituting sensitive data with other values not considered sensitive. By doing this, tokenization technology essentially removes anything of value from the data stream, and, after all, what is not there cannot get stolen. This technique can be used with sensitive data of all kinds including financial transactions and medical records.
Viruses and Vendors Can Put Healthcare Data At Risk
August 09, 2011, Andrew Hicks, Healthcare and Life Sciences Practice Director
A recent article in Healthcare Security Info highlights that computer viruses can cause security breaches, which can in turn compromise health care data and potentially violate HIPAA and HITECH Act regulations. Beth Israel Deaconess Medical Center in Boston had to notify more than 2,000 people that a computer virus sent data, including medical record numbers, names, etc., to an undisclosed location.