-
New SEC Cyber Risk Disclosure Guidance: What Does It Mean for Public Companies?
Nick Son, Vice President, Cyber Risk Services, Coalfire
On February 21, the U.S. Securities and Exchange Commission (SEC) issued the long overdue cybersecurity interpretive guidance to address the methods and timing of cybersecurity risks and incidents disclosures. To signify the importance of this updated guidance, five SEC commissioners issued the guidance. The new guidance does not change any of the existing SEC rules, but it does address two new topics.
Read more
-
NIST SP 800-171: What U.S. Government Contractors Need to Know
Mali Yared, Practice Director, Cyber Risk Advisory & Privacy, Coalfire
In December 2016, NIST released Special Publication 800-171, Revision 1: Protecting Controlled Unclassified Information in Nonfederal Systems. Since that publication, I have worked with dozens of government contractors to help them understand this publication and determine if and how it applies to their businesses. This is the first of a three-part series that explains the standard and provides guidance to firms that must comply with it.
Read more
-
The HITRUST CSF Version 9.1 Release – How It Could Apply to Your Organization
Michael T. Williams, Senior Consultant, Coalfire
If you’re familiar with the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), then you’re likely aware that HITRUST revises the CSF requirements twice annually to account for new regulations, technologies, and business models affecting the security of Protected Health Information (PHI). This enables the HITRUST CSF to evolve in step with the changing cyber risk landscape. HITRUST CSF version 9 is currently in effect, but HITRUST will release version 9.1 later this month.
Read more
-
Cyber Engineering for 2018 and Beyond
Dylan McAllister, Associate, Cyber Engineering, Coalfire
2017 could be considered one of the most exciting (or horrifying) years in the technology industry. End-of-year statistics showed that the number of reported breaches in the business sector saw a 21% increase over the previous year, and headlines from all major news outlets were riddled with reports of hacks, data leaks, and high-profile vulnerabilities.
Read more
-
Introducing Red Baron - Automate the Creation of Resilient, Disposable, Secure, and Agile Infrastructure for Red Teams
Marcello Salvati, Senior Security Researcher, Coalfire Labs
The need to automate the creation of disposable red-team infrastructure is key to providing effective adversary simulations. As Coalfire Labs continued to grow, our team needed a system to quickly configure and spin up C2 and/or phishing infrastructure, run multiple campaigns at the same time, and recreate infrastructure if some parts got detected and/or blacklisted.
Read more