  • Enabling Clients to Cope with ASV Scans

    Marco Brown, Associate, CoalfireOne Scanning Services

    Gathering evidence, applying patches, and configuring your systems in preparation for submitting your vulnerability disputes can be a nerve-wracking and daunting task. To better enhance your understanding of the Approved Scanning Vendor (ASV) process, I’ve outlined some coping mechanisms and tools to use.

  • Forensics and the Internet of Things (IoT)

    Brian Prendergast, Senior Consultant, Cyber Risk Advisory - Forensics, Coalfire

    Today, the Internet of Things (IoT) means that billions of devices are connected to the Internet. People and organizations are looking to connect devices more frequently for automation, simplification, and the feature advantages the IoT delivers. Items such as smoke detectors, glasses, watches, ovens, refrigerators, garage doors, and more are connecting to the Internet, with most of the associated data saved to the Cloud.

  • Encryption of Federal Data

    Keith Kidd, Director, FedRAMP Assessment, Coalfire

    One of the biggest challenges our customers face when pursuing Federal Risk and Authorization Management Program (FedRAMP) compliance is the federal mandate that Federal Information Processing Standards (FIPS) 140-2 validated cryptographic modules must be consistently applied where cryptography is required. Where is cryptography required, you ask?

  • Valuing IR Preparedness: Identifying and Communicating ROI

    Andrew Brosman, Principal, Enterprise Risk

    In the information security community, a proactive approach to incident response is always considered best practice. Reacting in the moment can drain resources, and often the full impact of the incident may take weeks or even months to remediate. Despite this, making a case to management for the value of a proactive approach can be difficult. Buying a new tool or service provides quantifiable efficiency returns, but how do you present your case when the return on investment (ROI) for incident response isn’t as measurable?

  • How Hospitals Can Tie Cost Reduction to a Solid Data Security Program

    Michelle Caswell, Principal, Healthcare Assurance Services, Coalfire

    When I have conversations with hospitals and other organizations subject to HIPAA, one of the first questions asked is “if I have a data breach, will OCR fine me, and if so, how much?” Many organizations decide to gamble: they opt to save time and money by not implementing a robust information risk and compliance program on the chance that the Office for Civil Rights (OCR) won’t fine them in the event of a breach. Although the OCR is the regulatory agency that enforces HIPAA, their fines are only one potential expense an organization incurs for a data breach.

  • Work It ‘til You Make It – Part 1

    Beck Larson, Director, CoalfireOne Scanning Services Team

    I was recently asked to be a speaker on my first “Women in Cybersecurity” panel. I accepted, despite my admitted fear of speaking in public, on a stage, dishing honesty to be judged by strangers. But, I did it because I know that it’ll make me a better speaker and a better leader – the more practice, the easier it’ll get, right?

  • Compensating Controls: When Patching Isn’t an Option

    Steve Durham, Consultant, CoalfireOne Scanning Services

    Your software vendor is asleep at the wheel and your devs still need that legacy daemon.
