The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.

  • Staying current with HITRUST advisory changes

    Zach Shales, Senior Director, Cloud Infrastructure, Coalfire

    As a result of an ever-evolving threat landscape, compliance requirements are proliferating at an unprecedented rate. It can be overwhelming to keep up with the staggering number of new and updated regulations, compliance frameworks, and standards. HITRUST®, founded in 2007, recognized this challenge and created the HITRUST CSF® to aggregate disparate authoritative sources into a single and certifiable framework. Read more
  • The business case to expand ISO 27001 certification with privacy controls

    Will Dunphy, Senior Manager, Privacy and International Assurance, Coalfire

    Third-party inspections of organizational privacy risk remain a novel trend. Only five years ago, the most basic of common controls frameworks for this risk taxonomy did not even exist. Today, privacy has captured the collective global consciousness. Every segment, from regulators and industry watchdog groups to business customers and consumers, now asks questions on behalf of their processors about how are you not only handling, but using my personal data to provide your service? Read more
  • Rumors of an upcoming, major change to ISO 27002

    Amy Shepard, Senior Manager of Privacy and International Assurance, Coalfire

    Of the thousands of international standards published by the International Organization for Standardization (ISO), some of the most popular ISO standards are management system standards, such as the well-known ISO 9001 standard for quality management and ISO 27001 for information security management.

    Read more
  • DoD Cloud Computing Impact Level 6 – the unclassified edition

    Max Post, Senior Manager, FedRAMP Advisory

    The final Impact Level (IL) referenced in the Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG) is IL6. IL6 allows Cloud Service Providers (CSPs) to store information up to SECRET or below. CSPs can utilize their own infrastructure or deploy their cloud service offering (CSO) in an equivalent IL6-authorized cloud service. All physical locations used to host IL6 data must provide dedicated cloud infrastructure which processes classified information and therefore cannot be considered a “commercial” provider of cloud services. Read more
  • Lift and drag: confronting complacency and disrupting inertia in cybersecurity strategy

    Mark Adams, Director, Coalfire

    Within corporate cybersecurity, resistance presents in a variety of forms. Individuals and institutions alike often face overwhelming peer pressure to “keep doing what made us successful in the past.” In the face of that pressure, it can be difficult to generate or sustain momentum toward higher-level goals after achieving even an intermediate milestone. For example, an organization that invests in program resources to meet the rigorous compliance standards of a cybersecurity control framework may stall in implementing next-level discipline to achieve essential operational efficiency and business enablement objectives. Read more
  • Displaying results 1-5 (of 163)
     |<  < 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics