Enabling Clients to Cope with ASV Scans

Marco Brown, Associate, CoalfireOne Scanning Services

Gathering evidence, applying patches, and configuring your systems in preparation for submitting your vulnerability disputes can be a nerve-wracking and daunting task. To better enhance your understanding of the Approved Scanning Vendor (ASV) process, I’ve outlined some coping mechanisms and tools to use.

Forensics and the Internet of Things (IoT)

Brian Prendergast, Senior Consultant, Cyber Risk Advisory - Forensics, Coalfire

Today, the Internet of Things (IoT) means that billions of devices are connected to the Internet. People and organizations are looking to connect devices more frequently for automation, simplification, and the feature advantages the IoT delivers. Items such as smoke detectors, glasses, watches, ovens, refrigerators, garage doors, and more are connecting to the Internet, with most of the associated data saved to the Cloud.

Encryption of Federal Data

Keith Kidd, Director, FedRAMP Assessment, Coalfire

One of the biggest challenges our customers face when pursuing Federal Risk and Authorization Management Program (FedRAMP) compliance is the federal mandate that Federal Information Processing Standards (FIPS) 140-2 validated cryptographic modules must be consistently applied where cryptography is required. Where is cryptography required you ask?

Valuing IR Preparedness: Identifying and Communicating ROI

Andrew Brosman, Principal, Enterprise Risk

In the information security community, a proactive approach to incident response is always considered best practice. Reacting in the moment can drain resources and often, the full impact of the incident may take weeks or even months to remediate. Despite this, making a case to management for the value of a proactive approach can be difficult. Buying a new tool or service provides quantifiable efficiency returns; but how do you present your case when the return on investment (ROI) for incident response isn’t as measurable?

How Hospitals Can Tie Cost Reduction to a Solid Data Security Program

Michelle Caswell, Principal, Healthcare Assurance Services, Coalfire

When I have conversations with hospitals and other organizations subject to HIPAA, one of the first questions asked is “if I have a data breach, will OCR fine me, and if so, how much?” Many organizations decide to gamble: they opt to save time and money by not implementing a robust information risk and compliance program on the chance that the Office for Civil Rights (OCR) won’t fine them in the event of a breach. Although the OCR is the regulatory agency that enforces HIPAA, their fines are only one potential expense an organization incurs for a data breach.

Work It ‘til You Make It – Part 1

Beck Larson, Director, CoalfireOne Scanning Services Team

I was recently asked to be a speaker on my first “Women in Cybersecurity” panel. I accepted, despite my admitted fear of speaking in public, on a stage, dishing honesty to be judged by strangers. But, I did it because I know that it’ll make me a better speaker and a better leader – the more practice, the easier it’ll get, right?

Compensating Controls: When Patching Isn’t an Option

Steve Durham, Consultant, CoalfireOne Scanning Services

Your software vendor is asleep at the wheel and your devs still need that legacy daemon.