The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • The PCI DSS Cloud Computing Guidelines: An Executive Summary

    April 22, 2013, Matt Getzelman, PCI Practice Director

    The PCI SSC and its Cloud Special Interest Group has released its Cloud Computing Guidelines after a year of collaboration and input from SIG members. Coalfire was a big contributor to this document, and we think it is required reading for anyone who has front-line responsibility for managing compliance at companies using a Cloud Service Provider (CSP).

    Read more
  • War on Passwords? Check with Your QSA First!

    March 14, 2013, Matt Getzelman, PCI Practice Director

    Passwords have long been the workhorse of user authentication schemes, and many security experts are speaking out on the need for more effective controls. It seems like hardly a week goes by when we don’t see a password breach in the news.

    Read more
  • The PCI SAQ P2PE-HW: Patience, POIs and PIMs

    January 15, 2013, Dan Fritsche, Practice Director, Coalfire Labs

    The new PCI SAQ P2PE-HW (Point to Point Encryption Self-Assessment Questionnaire) was released in July 2012, and many  merchants are excited about the prospect of  a shorter, less arduous compliance validation effort.  After all, it’s significantly shorter than the SAQ-D; instead 12 sections, there are 4, and 284 controls are reduced to 19.

    Read more
  • What's Next in Retail IT? The Convergence of Mobile, P2PE and the Cloud

    January 15, 2013, Rick Dakin, CEO, Co-founder and Chief Security Strategist

    Greetings from the Javits Center in New York City, the site of the National Retail Federation’s Big Show.  This year, the theme of NRF is “Next”.

    When it comes to Retail technology – and in particular, security and compliance, the most talked about “next” things are:

    Read more
  • P2PE Hybrid, the next best thing since the Prius

    January 07, 2013, Dan Fritsche, Practice Director, Coalfire Labs

    P2PE promises many things, the most coveted being scope reduction for the merchant and a shifting of the compliance burden from the merchant to the service provider. A properly implemented P2PE solution can indeed reduce the risk of compromise for a merchant as well as reduce the scope of what must be done to continue to maintain compliance to the PCI DSS.

    Read more
  • Displaying results 36-40 (of 44)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9  >  >| 

Recent Posts

Post Topics

Archives

RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)

Tags