The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • A Cyber Engineering Primer: System Compliance and Hardening

    April 16, 2018, Timberly Deane and Alyssa Stackpole, Cyber Engineering Associates, Coalfire

    Cybersecurity is a hot topic for just about everyone: it affects organizations as well as individuals, workers, and citizens. Each of us needs at least a basic understanding of how to safely use and protect the devices and systems that are a part of our day-to-day lives.

  • Takeaways from GAM 2018: Internal Audit Embraces Cybersecurity

    March 21, 2018, Nick Son, Vice President, Cyber Risk Services, Coalfire

    Last week, the Institute of Internal Auditors (IIA) held its 2018 Global Audit Management Conference at the Aria Resort in Las Vegas. With over 1,700 attendees, this was the most well-attended event in the history of the conference. Coalfire was one of the sponsors, and we were delighted to meet with so many forward-thinking audit executives and practitioners.

  • Capital One Fraud Seminar Recap

    October 26, 2017, Michael Pitcher, Vice President, Cyber Engineering, Coalfire

    Recently, I was honored to be invited as a panelist at a recent seminar hosted by Capital One Spark Business to share some views on fraud prevention and cybersecurity with their customers. I was joined by a few other industry experts, Gerald Glickman, a Manager of Capital One’s Fraud Analysis team, and Jennifer Smith, who led the Cybersecurity and Data Privacy group at the Shulman, Rogers, Gandal, Pordy & Ecker law firm, to round out a diverse group from various parts of the industry. Each of us deals with fraud daily, but we have very different roles: Jennifer on the litigation side, Gerald from inside a bank, and myself from the technical perspective.
  • New York State Implements Cybersecurity Regulation 23 NYCRR 500

    March 02, 2017, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire

    On March 1st, 2017, sweeping new cybersecurity requirements were placed on organizations regulated by the New York State Department of Financial Services. The law applies to a broad set of ‘covered entities’ that are supervised by the NYDFS, including banks, trusts, budget planners, check cashers, credit unions, money transmitters, licensed lenders, mortgage brokers or bankers, and insurance companies that do business in New York. While large entities most likely meet these requirements already, and very small entities are exempted from some of the requirements, mid-market firms will be challenged to meet aggressive implementation timelines.

  • Yahoo / Verizon: A $1B Data Breach Discount?

    November 11, 2016, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire

    In July of this year Verizon announced it was going to buy Yahoo for $4.8B. A few weeks later, Yahoo starts investigating a potential data breach of around 200 million records that were for sale on the Dark Web. In mid-September, Yahoo discloses that sometime in 2014, they were attacked and roughly 500 million user accounts were compromised. A couple of days later, Verizon says this is the first they’ve heard of this and that event may have a “material impact” on the purchase deal. By October, news reports circulate that Verizon may ask for a $1B discount off the purchase price.

