The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Keeping your restaurant & hospitality Cardholder Data Environment safe

    August 12, 2014, Marvin Sandoval, Sales Associate

    Reports of new credit card data breaches seem to be in the news daily.  Recent high profile breaches within major retailers this year should serve as a wake-up call to the restaurant and hospitality industries.  As a result of having high volumes of credit card transactions and decentralized security practices, criminal organizations have put the restaurant and hospitality industry squarely in their sights.  The track data used in U.S magnetic-Stripe cards are still among the most valuable commodities on the black market as it allows criminal organizations to clone cards and quickly exploit them for highest possible financial gain. 

    Read more
  • PCI DSS 3.0 puts emphasis on year-round awareness

    September 10, 2013, Matt Getzelman, PCI Practice Director

    It's easy to think of PCI compliance as just another annual hoop to jump through. Of course, after the annual audit, the business is safe for another 12 months, right? Well, not exactly, and with the upcoming release of PCI DSS 3.0, there will be an even bigger reason to think about compliance beyond the scope of a yearly audit.

    Read more
  • The PCI DSS Cloud Computing Guidelines: An Executive Summary

    April 22, 2013, Matt Getzelman, PCI Practice Director

    The PCI SSC and its Cloud Special Interest Group has released its Cloud Computing Guidelines after a year of collaboration and input from SIG members. Coalfire was a big contributor to this document, and we think it is required reading for anyone who has front-line responsibility for managing compliance at companies using a Cloud Service Provider (CSP).

    Read more
  • The PCI SAQ P2PE-HW: Patience, POIs and PIMs

    January 15, 2013, Dan Fritsche, Practice Director, Coalfire Labs

    The new PCI SAQ P2PE-HW (Point to Point Encryption Self-Assessment Questionnaire) was released in July 2012, and many  merchants are excited about the prospect of  a shorter, less arduous compliance validation effort.  After all, it’s significantly shorter than the SAQ-D; instead 12 sections, there are 4, and 284 controls are reduced to 19.

    Read more
  • P2PE Hybrid, the next best thing since the Prius

    January 07, 2013, Dan Fritsche, Practice Director, Coalfire Labs

    P2PE promises many things, the most coveted being scope reduction for the merchant and a shifting of the compliance burden from the merchant to the service provider. A properly implemented P2PE solution can indeed reduce the risk of compromise for a merchant as well as reduce the scope of what must be done to continue to maintain compliance to the PCI DSS.

    Read more
  • Displaying results 26-30 (of 31)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7  >  >| 

Recent Posts

Post Topics

Archives

RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)

Tags