- Enabling Clients to Cope with ASV Scans
Marco Brown, Associate, CoalfireOne Scanning Services
Gathering evidence, applying patches, and configuring your systems in preparation for submitting your vulnerability disputes can be a nerve-wracking and daunting task. To enhance your understanding of the Approved Scanning Vendor (ASV) process, I’ve outlined some coping mechanisms and tools to use.
- Forensics and the Internet of Things (IoT)
Brian Prendergast, Senior Consultant, Cyber Risk Advisory - Forensics, Coalfire
Today, the Internet of Things (IoT) means that billions of devices are connected to the Internet. People and organizations are looking to connect devices more frequently for automation, simplification, and the feature advantages the IoT delivers. Items such as smoke detectors, glasses, watches, ovens, refrigerators, garage doors, and more are connecting to the Internet, with most of the associated data saved to the Cloud.
- Encryption of Federal Data
Keith Kidd, Director, FedRAMP Assessment, Coalfire
One of the biggest challenges our customers face when pursuing Federal Risk and Authorization Management Program (FedRAMP) compliance is the federal mandate that Federal Information Processing Standards (FIPS) 140-2 validated cryptographic modules must be consistently applied where cryptography is required. Where is cryptography required, you ask?
- Valuing IR Preparedness: Identifying and Communicating ROI
Andrew Brosman, Senior Security Consultant, Cyber Risk Advisory
In the information security community, a proactive approach to incident response is always considered best practice. Reacting in the moment can drain resources, and the full impact of the incident may take weeks or even months to remediate. Despite this, making a case to management for the value of a proactive approach can be difficult. Buying a new tool or service provides quantifiable efficiency returns; but how do you present your case when the return on investment (ROI) for incident response isn’t as measurable?
- How Hospitals Can Tie Cost Reduction to a Solid Data Security Program
Michelle Caswell, Principal, Healthcare Assurance Services, Coalfire
When I have conversations with hospitals and other organizations subject to HIPAA, one of the first questions asked is “if I have a data breach, will OCR fine me, and if so, how much?” Many organizations decide to gamble: they opt to save time and money by not implementing a robust information risk and compliance program on the chance that the Office for Civil Rights (OCR) won’t fine them in the event of a breach. Although the OCR is the regulatory agency that enforces HIPAA, its fines are only one potential expense an organization incurs for a data breach.
- Work It ‘til You Make It – Part 1
Beck Larson, Director, CoalfireOne Scanning Services Team
I was recently asked to be a speaker on my first “Women in Cybersecurity” panel. I accepted, despite my admitted fear of speaking in public, on a stage, dishing honesty to be judged by strangers. But, I did it because I know that it’ll make me a better speaker and a better leader – the more practice, the easier it’ll get, right?
- Compensating Controls: When Patching Isn’t an Option
Steve Durham, Consultant, CoalfireOne Scanning Services
Your software vendor is asleep at the wheel and your devs still need that legacy daemon.