The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • PCI DSS 3.0 puts emphasis on year-round awareness

    September 10, 2013, Matt Getzelman, PCI Practice Director

    It's easy to think of PCI compliance as just another annual hoop to jump through. Of course, after the annual audit, the business is safe for another 12 months, right? Well, not exactly, and with the upcoming release of PCI DSS 3.0, there will be an even bigger reason to think about compliance beyond the scope of a yearly audit.

    Read more
  • The PCI DSS Cloud Computing Guidelines: An Executive Summary

    April 22, 2013, Matt Getzelman, PCI Practice Director

    The PCI SSC and its Cloud Special Interest Group have released their Cloud Computing Guidelines after a year of collaboration and input from SIG members. Coalfire was a big contributor to this document, and we think it is required reading for anyone who has front-line responsibility for managing compliance at companies using a Cloud Service Provider (CSP).

    Read more
  • The PCI SAQ P2PE-HW: Patience, POIs and PIMs

    January 15, 2013, Dan Fritsche, Principal, Retail and Financial Services

    The new PCI SAQ P2PE-HW (Point to Point Encryption Self-Assessment Questionnaire) was released in July 2012, and many merchants are excited about the prospect of a shorter, less arduous compliance validation effort. After all, it's significantly shorter than the SAQ-D; instead of 12 sections, there are 4, and 284 controls are reduced to 19.

    Read more
  • P2PE Hybrid, the next best thing since the Prius

    January 07, 2013, Dan Fritsche, Principal, Retail and Financial Services

    P2PE promises many things, the most coveted being scope reduction for the merchant and a shifting of the compliance burden from the merchant to the service provider. A properly implemented P2PE solution can indeed reduce the risk of compromise for a merchant as well as reduce the scope of what must be done to continue to maintain compliance with the PCI DSS.

    Read more
  • What “Dexter Malware” tells us about the future of POS security (It might just be P2PE)

    December 20, 2012, Dan Fritsche, Principal, Retail and Financial Services

    The recently announced Dexter malware is targeting POS systems and once in, it collects sensitive credit card data and surreptitiously sends it off to attackers. While the details of this particular attack are not yet available, this is not the first time this general approach has been exploited.

    Read more
