• The Edge of a Storm?

    Andrew Barratt, Managing Director, Europe

    The SolarWinds element of this breach is likely just the ‘tip of the iceberg’, as many more businesses that rely on its management tools are exposed to this compromise. The risk is not only from the nation-state actor believed to have triggered it, but from the potential sell-off of those points of access to criminal groups. In our investigation experience, broad compromises are often sold on the various dark web forums to organized crime groups, who are more likely to target critical business assets looking for an opportunity to monetize the breach.

  • Deploying your first Blueprints

    Doug Francis, Senior Consultant, Cloud Solutions Engineering, Coalfire

    Welcome back to the fourth and final part of this Azure Blueprints series. This section covers how to use some of the Blueprints provided by Microsoft and how to get started writing your own Blueprints for managing Azure governance. Specifically, we will look more closely at a FedRAMP use case.

  • Blueprints scopes and assignments

    Doug Francis, Senior Consultant, Cloud Solutions Engineering, Coalfire

    Welcome back for part three of four in our Blueprints technical series. Today we’re covering the governance and lifecycle controls of Blueprints within an Azure tenant. There is a lot of power in what Blueprints provide, and this tooling needs to be managed across multiple subscriptions or management groups. This is where Blueprint scopes come into play.

  • Azure Policies

    Doug Francis, Senior Consultant, Cloud Solutions Engineering, Coalfire

    Welcome back to Part Two of our four-part Blueprints series. Today's post covers the use of Azure Policies within a Blueprint deployment, along with ARM templates and permissions management. Azure Policies are the critical component of Azure Blueprints. Policies, like ARM templates, are JSON documents that describe controls around Azure resources. As mentioned earlier, these can be as simple as restricting the regions or resource types that may be deployed. More in-depth capabilities include remediating misconfigurations and auditing the settings and configuration of Azure resources.
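    As an added illustration of the "JSON document describing a control" idea (this example is written for this page and is not taken from the original post or from Microsoft's built-in definitions), here is a policy definition that restricts where resources may be deployed. The display name, the two default regions, and the parameter names are assumptions chosen for the example; the `location` field, the `notIn`/`notEquals` conditions, the `[parameters('...')]` syntax, and the `Audit`/`Deny` effects are standard Azure Policy language.

```json
{
  "properties": {
    "displayName": "Allowed locations (example definition)",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "Audit or deny resource creation outside the approved regions. Example written for this page; region defaults are assumptions.",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed locations",
          "description": "Regions in which resources may be created.",
          "strongType": "location"
        },
        "defaultValue": [
          "usgovvirginia",
          "usgovarizona"
        ]
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit only reports non-compliant resources; Deny blocks the deployment."
        },
        "allowedValues": [
          "Audit",
          "Deny"
        ],
        "defaultValue": "Deny"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "location",
            "notIn": "[parameters('allowedLocations')]"
          },
          {
            "field": "location",
            "notEquals": "global"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

    Two details matter in practice. `"mode": "Indexed"` limits evaluation to resource types that support location and tags, so resource groups and other location-less types are not flagged spuriously, and the explicit `global` exclusion keeps region-agnostic services (DNS zones, Traffic Manager profiles, and the like) from being denied. Parameterizing the effect lets the same definition be assigned first with `Audit`, to see what a Blueprint deployment would have blocked, and then switched to `Deny` once the exceptions are understood.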

  • The California Privacy Rights Act (CPRA)

    Elizabeth Crooks, Consultant, Privacy, Coalfire

    The California Privacy Rights Act (CPRA) was passed in November 2020 by voters in California. Adding another entry to the alphabet soup that is privacy regulation, the CPRA (known as Proposition 24 when it was on the ballot) expands on the state’s landmark consumer privacy law, the California Consumer Privacy Act (CCPA). The CCPA formally came into effect on January 1, 2020, and the final text of its implementing regulations has been released by the California attorney general’s office. The CPRA both expands the protections put in place by the CCPA and makes it harder for businesses to sell or share personal information.

