A Cyber Engineering Primer: System Compliance and Hardening
April 16, 2018, Timberly Deane and Alyssa Stackpole, Cyber Engineering Associates, Coalfire
Cybersecurity is a hot topic for just about everyone: it affects organizations as well as individuals, workers, and citizens. Each of us needs at least a basic understanding of how to safely use and protect the devices and systems that are a part of our day-to-day lives.
Takeaways from GAM 2018: Internal Audit Embraces Cybersecurity
March 21, 2018, Nick Son, Vice President, Cyber Risk Services, Coalfire
Last week, the Institute of Internal Auditors (IIA) held its 2018 Global Audit Management Conference at the Aria Resort in Las Vegas. With over 1,700 attendees, this was the most well-attended event in the history of the conference. Coalfire was one of the sponsors, and we were delighted to meet with so many forward-thinking audit executives and practitioners.
Capital One Fraud Seminar Recap
October 26, 2017, Michael Pitcher, Vice President, Cyber Engineering, Coalfire
Recently, I was honored to be invited as a panelist at a recent seminar hosted by Capital One Spark Business to share some views on fraud prevention and cybersecurity with their customers. I was joined by a few other industry experts, Gerald Glickman, a Manager of Capital One’s Fraud Analysis team, and Jennifer Smith, who led the Cybersecurity and Data Privacy group at the Shulman, Rogers, Gandal, Pordy & Ecker law firm, to round out a diverse group from various parts of the industry. Each of us deal with fraud daily, but we have very different roles: Jennifer on the litigation side, Gerald from inside a bank, and myself from the technical perspective. Read more
New York State Implements Cybersecurity Regulation 23 NYCRR 500
March 02, 2017, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire
On March 1st, 2017, sweeping new cybersecurity requirements were placed on organizations regulated by the New York State Department of Financial Services. The law applies to a broad set of ‘covered entities’ that are supervised by the NYDFS, including banks, trusts, budget planners, check cashers, credit unions, money transmitters, licensed lenders, mortgage brokers or bankers, and insurance companies that do business in New York. While large entities most likely meet these requirements already -- and very small entities are exempted from some of the requirements --, mid-market firms will be challenged to meet aggressive implementation timelines.
Yahoo / Verizon: A $1B Data Breach Discount?
November 11, 2016, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire
In July of this year Verizon announced it was going to buy Yahoo for $4.8B. A few weeks later, Yahoo starts investigating a potential data breach of around 200 million records that were for sale on the Dark Web. In mid-September, Yahoo discloses that sometime in 2014, they were attacked and roughly 500 million user accounts were compromised. A couple of days later, Verizon says this is the first they’ve heard of this and that event may have a “material impact” on the purchase deal. By October news reports circulate that Verizon may ask for a $1B discount off the purchase price.