The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

  • Embracing the Cloud's Potential for Security

    June 17, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist

    I spoke recently at TIA’s Network of the Future conference. At the session, which was heavier on vendors than operators, the discussion was very focused on the cloud. Everyone wants to know what’s coming next and if they’re ready for it.

    Read more
  • It wasn't raining when Noah built the ark

    April 01, 2014, Craig Billado, Forensic Analyst, Coalfire Labs

    This month movie-goers around the world will flock (possibly two-by-two) to see Darren Aronofsky’s ‘Noah’—a silver-screen adaptation of the timeless biblical story, starring Russell Crow and Jennifer Connelly .  Whether one interprets the flood narrative literally or figuratively, this fact remains:  the time to prepare for disaster is not after the fact but beforehand. This is true whether the calamity is divine or human in origin.

    Read more
  • The PCI DSS 3.0 SAQs are here!

    March 17, 2014, Kenny Yau, Senior IT Security Consultant

    The Payment Card Industry Security Standards Council (PCI SSC) released Data Security Standards (DSS) 3.0 in November 2013 and has just released the related Self-Assessment Questionnaires (SAQ). There are two new SAQs, SAQ A-EP and SAQ B-IP.

    Read more
  • PCI DSS 3.0 ROC Reporting Template Released

    February 11, 2014, Matt Getzelman, PCI Practice Director

    Heads up for our PCI customers: the PCI SSC released the “ROC Reporting Template for v3.0” this last weekend and it is available here. This document supports the PCI DSS 3.0 standard and must be used by all QSA organizations to create and submit a Report on Compliance (ROC).  What does this mean? 

    Read more
  • Target Hackers Broke in Via HVAC Company?

    February 06, 2014, Adam Shnider, VP, West Region, Professional Services

    When I first heard about the account used to gain access to the Target environment, my first reaction was to laugh at the ridiculousness of the HVAC vendor having an impact on the CDE like it seems to (or is rumored) to have had in the recent breach.  Then I started thinking with the PCI controls, including 8.5.6, requirements for revoking vendor access, how could an HVAC vendor account be the culprit for such a broad attack and how could this affect our customers.

    Read more
  • Displaying results 21-25 (of 44)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9  >  >| 

Recent Posts

Post Topics


RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)