The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.

  • Deploying your first Blueprints

    Doug Francis, Senior Consultant, Cloud Solutions Engineering, Coalfire

    Welcome back to the fourth and final part of this Azure Blueprints series. This section covers how to use some Blueprints provided by Microsoft and how to get started writing your Blueprints for managing your Azure Governance. Specifically, we will look more closely at a FedRAMP use case.

    Read more
  • Blueprints scopes and assignments

    Doug Francis, Senior Consultant, Cloud Solutions Engineering, Coalfire

    Welcome back for part three of four in our Blueprint technical series. Today we’re covering the governance and lifecycle controls of Blueprints within an Azure tenant. There is a lot of power in what Blueprints provide, and this tooling needs to be managed across multiple subscriptions or organization units. This is where Blueprint scopes come into place.

    Read more
  • Azure Policies

    Doug Francis, Senior Consultant, Cloud Solutions Engineering, Coalfire

    Welcome back to Part Two of our four-part Blueprint Series. Today's post covers the use of Azure Policies within a Blueprint deployment along with ARM templates and permissions management. Azure Policies are the critical component of Azure Blueprints. Policies, like ARM Templates, are JSON documents that describe controls around Azure resources. As mentioned earlier, these can be as simple as identifying regions or resources allowed to be deployed. More in-depth capabilities include remediation of incorrect configuration issues and audit settings and configurations of Azure resources.

    Read more
  • The California Privacy Rights Act (CPRA)

    Elizabeth Crooks, Consultant, Privacy, Coalfire

    The California Privacy Rights Act (CPRA) was passed in November by voters in California. Adding another entry to the alphabet soup that is privacy regulations, the CPRA (known as Proposition 24 when it was on the ballot) expands on the state’s landmark consumer privacy law, the California Consumer Privacy Act (CCPA). The CCPA formally came into effect on January 1, 2020, and the final text of the implementing regulations has been released by the California attorney general’s office. The CPRA both expands the protections put in place by the CCPA and makes it harder for businesses to sell or share personal information.

    Read more
  • Systemic non-compliance: the root cause of pain for healthcare organizations

    Tommy Abraham, Senior Director of Healthcare Assurance, Coalfire

    Recently, I was fortunate enough to experience the joys of becoming a father as my wife and I welcomed our first child into the world. It was one of the most beautiful experiences of my life and I’m grateful for the advances we have made in modern medicine and technology. I mention this personal anecdote to provide context for what I witnessed about the data security challenges that have existed for years in the healthcare industry and are still pervasive today.

    Read more
  • Displaying results 6-10 (of 437)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics



Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit Azure bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff CISO cloud CMMC CoalfireOne Compliance Covid-19 CPRA credit cards C-Store Culture Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DevSecOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi women XSS