The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find Coalfire's insights into the unique cybersecurity issues that affect the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, and Government.

The Coalfire blog is written by the company's leadership team and our highly credentialed security assessment experts.


  • Reflections on Women in Cybersecurity

    Anne Bayerkohler, Senior Director, Quality and Compliance, Coalfire

    I joined Coalfire in 2014. At the time, there were very few women in cyber, much less in leadership roles. As it sometimes happens, I found myself in an elevator with Tom McAndrew, who is now our CEO. We started talking about the direction of my career and plans for my role as Director of Coalfire’s Quality Management System. He asked me a simple question, “What are you doing next?” I had to suddenly come up with a literal elevator pitch of what I could do in my sphere of influence.

  • The impact of Covid-19 on SOC reporting

    Jamie Kilcoyne, Partner, Coalfire Controls

    The audit cycle for organizations that receive SOC reports now includes new challenges related to Covid-19. Remote workforces are the norm throughout the world, and they introduce new risks; one example is employees connecting to corporate networks from personal computers that may already be infected with malware. Attackers and fraudsters have also increased the frequency and sophistication of their attacks to exploit the weaknesses that come with a remote workforce. Many organizations have suffered economically due to Covid-19 and have reduced their workforces to cut costs; if the control responsibilities held by departed staff are not reassigned, certain controls may simply stop being performed.

  • FedRAMP 101: How to get listed as “In Process”

    Marc Zurcher, Senior Manager, FedRAMP Assurance Services, Coalfire

    Are you a cloud service provider working on a federal contract that requires a FedRAMP authorization, but you don't have a sponsor yet? Securing a committed government agency sponsor early in the FedRAMP process is crucial to your success and makes for a smoother process. A major role of the agency sponsor is to identify which risks it is willing to accept in your Cloud Service Offering (CSO) where the offering does not fully align with FedRAMP requirements.

  • Chasing doorbells: Finding IoT vulnerabilities in embedded devices

    Tyler Bennett, Consultant, Penetration Testing, Coalfire

    The goal of this research project was to see if we could find any vulnerabilities and obtain full persistence on an IoT device, while learning about embedded devices in general. This post will take you through our journey to find vulnerabilities in a common, reasonably priced IoT device. For our research, we chose a Night Owl ISP Smart Doorbell – WD2CLM.

  • New OCR-ready risk analysis: Why the confusion?

    Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire

    Are you ready for an Office for Civil Rights (OCR) investigation? Will your risk analysis and risk management methodologies and documents be sufficient to meet the HIPAA Security Rule?
