The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

IT Security Horror Story #2: A Tale of Spooky Hosted Images

October 29, 2013, Brandon Edmunds, Senior Security Consultant, Coalfire Labs

Image manipulation madness causes a near disaster for a popular web site. READ MORE…IF YOU DARE -
Read more
IT Security Horror Story #1: The Case of the Phantom Blood Red Team

October 29, 2013, Andrew Barratt, Managing Director, Europe

An unsuspecting Fortune 100 company allows horrible creatures into their building and systems during a Red Team engagement. READ MORE…IF YOU DARE -
Read more
BYOD Survey 2013: Employees and Companies Remain Lax with BYOD Security

September 18, 2013, Mike Weber, Vice President, Coalfire Labs

Despite a dramatic increase in mobile device sales in the past year, BYOD security among employees remains static. Gartner forecasts 2013 tablet shipments to grow 67.9 percent, with shipments reaching 202 million units, while the mobile phone market will grow 4.3 percent, with volume of more than 1.8 billion units.
Read more
Whether you are a large or small business, beware of these 5 common security problems

March 11, 2013, Mike Weber, Vice President, Coalfire Labs

Every January, the trade press if full of new year’s resolution-like advice… things to do in the coming year, even Coalfire made a few predictions for 2013. I work at Coalfire Labs, and since our business is IT security and testing, we want to share some advice on how to avoid your systems and accounts from being breached. While larger companies may feel they can skip some of these steps, and still remain safe, TJX, the parent company of T.J. Maxx and Marshalls learned the hard way the damages a breach can cause. Information from up to tens of millions of credit and debit cards was stolen costing TJX millions of dollars to get the problem under control. With this in mind, here is a list of five issues companies are prone to make, and ways to avoid negative ramifications.
Read more
Creative Ideas for Replacing Passwords

March 08, 2013, Mike Weber, Vice President, Coalfire Labs

Passwords have been the de facto manner of providing security for IT systems. They’ve got a bad reputation, but it’s not the passwords themselves that deserve the reputation – it’s the individuals using them and the weak standards to which these passwords are managed. In fact, a password system implemented in a secure manner – long and complex passwords that change periodically – can be (virtually) uncrackable. However, a typical user isn’t apt to embrace a system that requires 15 characters or more (including numbers, upper and lower case, and special characters) and needs to change every two to four weeks.
Read more

Displaying results 41-45 (of 54)

|< < 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 > >|

About
Coalfire started in 2001 with a simple idea – cyber threats are increasing, compliance mandates are getting more complicated, and a well-designed cybersecurity program can help fuel your overall success.

Coalfire helps organizations comply with global financial, government, industry and healthcare mandates while helping build the IT infrastructure and security systems that will protect their business from security breaches and data theft. The company is a leading provider of IT advisory services for security in retail, payments, healthcare, financial services, higher education, hospitality, government and utilities.

The Coalfire Board of Directors provides invaluable guidance for the organization and reflects Coalfire’s dedication to achieving success for our customers.

The Executive Team is comprised of experienced senior leaders who oversee Coalfire’s key business units. Tom McAndrew, shown right is the Chief Executive Officer for Coalfire. He is recognized as one of the world’s leading cybersecurity experts in both the commercial and government sectors.

With a passion for quality, Coalfire uses a process-driven quality approach to improve the customer experience and deliver unparalleled results.

Created in honor of the late co-founder of Coalfire, the Richard E. Dakin Fund at The Denver Foundation is supporting scholarship programs at several universities for promising college students studying cybersecurity and related fields.

Security is a team game. If your organization values both independence and security, perhaps we should become partners.
Industries
The increased need for cyber security has become a common enterprise priority across the globe. However, industry requirements for effective cyber risk management are as distinct as the individual entities under fire. Enterprises and government organizations need more than an off-the-shelf audit to provide an effective threat assessment. They need industry- and organization-specific insights, tools and processes to protect digital assets and ensure compliance.

Coalfire can help cloud service providers prioritize the cyber risks to the company, and find the right cyber risk management and compliance efforts that keeps customer data secure, and helps differentiate products.

“Success” at a government entity looks different than at a commercial organization. Create cybersecurity solutions to support your mission goals with a team that understands your unique requirements.

The financial services industry was built upon security and privacy. As cyber-attacks become more sophisticated, a strong vault and a guard at the door won’t offer any protection against phishing, DDoS attacks and IT infrastructure breaches.

The continuum of care is a concept involving an integrated system of care that guides and tracks patients over time through a comprehensive array of health services spanning all levels of care. Interoperability is the central idea to this care continuum making it possible to have the right information at the right time for the right people to make the right decisions.

Maintaining network and data security in any large organization is a major challenge for information systems departments. However, in the higher education environment, the protection of IT assets and sensitive information must be balanced with the need for ‘openness’ and academic freedom; making this a more difficult and complex task.

When it comes to cyber threats, the hospitality industry is not a friendly place. Hotels and resorts have proven to be a favorite target for cyber criminals who are looking for high transaction volume, large databases and low barriers to entry.

The payments industry is undergoing rapid changes and unfortunately, an increasing risk for data breaches. Cyber criminals are growing increasingly businesslike, and payments leaders need to move quickly to cover their cyber risk.

The food and beverage industry is under attack from cyber criminals intent on stealing payment information. The food and beverage industry makes up the highest percentage of breach investigations, at nearly 73 percent, according to Visa.

The global retail industry has become the top target for cyber terrorists, and the impact of this onslaught has been staggering to merchants. To secure the complex IT infrastructure of a retail environment, merchants must embrace enterprise-wide cyber risk management practices that reduces risk, minimizes costs and provides security to their customers and their bottom line.

Private enterprises serving government and state agencies need to be upheld to the same information management practices and standards as the organizations they serve. Coalfire has over 16 years of experience helping companies navigate increasing complex governance and risk standards for public institutions and their IT vendors.

Technology innovations are enabling new methods for corporations and governments to operate and driving changes in consumer behavior. The companies delivering these technology products are facilitating business transformation that provides new operating models, increased efficiency and engagement with consumers as businesses seek a competitive advantage.

Cybersecurity has entered the list of the top five concerns for U.S. electric utilities, and with good reason. According to the Department of Homeland Security, attacks on the utilities industry are rising "at an alarming rate."
Solutions
Cyber risk management, advisory, technology and compliance services. Manage risk and maximize return on investment to prevent data breaches and theft. Coalfire’s solutions are led by a team of industry experts that help enterprise organizations understand a wide range of compliance and risk management initiatives, which enables a consistent cybersecurity framework across the organization.
Assessments
Expert assessments that provide an accurate understanding of what you are trying to protect, the inherent and residual cyber risk to your enterprise and the maturity of the your security program and underlying controls

Advisory
Customized services to help CISOs and Senior Management develop cybersecurity strategy, implement controls, and govern a security program

Cybersecurity Audit
Cybersecurity assurance services provided on a co-sourced basis to internal audit departments, or via independent audits commissioned directly by the board of directors or senior management
Cyber Defense
Adopt a proactive approach to cybersecurity

Security Monitoring and Analytics
Make more informed security-related decisions

Security Architecture
Design, engineer, and scale with confidence
DoD RMF
Certification and Accreditation (C&A) process for DoD

FedRAMP
Get FedRAMP authorized with the leading 3PAO

FFIEC
Reducing Financial IT Security Risk

FISMA
Meet your FISMA authorization needs

GDPR
General Data Protection Regulation

HIPAA
Health data protection for all shapes and sizes

HITRUST
The most rigorous approach to meeting HIPAA requirements

ISO 27001
An internationally recognized approach to information security

ITAR EAR DFARS
ITAR, EAR, and DFARS Advisory and Assessment

NERC CIP
Cyber security for electric grid critical infrastructure

NIST SP 800-171
Protect Controlled Unclassified Information for Nonfederal

PA-DSS
Payment Application Security Validation

PCI DSS
PCI Data Security Standard Compliance

P2PE
Point-to-Point Encryption

SOC
Establish and report controls to differentiate your organization
Research and Development
Malware and Vulnerability Research, Open Source Tools, and Opinions

Penetration Testing
Understand vulnerabilities and implement remediation before they’re exploited

Digital Forensics
Obtain, preserve, and examine digital evidence

Vulnerability Scanning & Assessment
Protect sensitive information systems with regular check ups

Application Security
Secure the design, development, and deployment of your applications

Red Team Exercise
Test your organization’s defense against a simulated real-world attack

Ransomware Threat Response
Employ solutions for prevention and recovery
Secure physical and digital IoT solutions with advisory, assessment and technical testing for makers, operators and users to empower the way we live and work.
CoalfireOne Overview
Control your Compliance

CoalfireOne Scanning Solutions
Easily identify IT vulnerabilities

CoalfireOne Assessments
Streamlining PCI Compliance
Resources
Careers
News
Contact
- Locations
Search for:

The Coalfire Blog

Recent Posts

Post Topics

Archives

RSS Feed

Tags