The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, and Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.

  • Key scoping factors when pursuing ISO 27001 certification

    Jimmy Dilz, Senior Consultant, ISO Assurance, Coalfire

    Service providers that seek the most recognized implementation of an information security baseline and governance structure should consider the ISO/IEC 27001:2013 (“ISO 27001”) standard. The information security management system (ISMS) prescribed by this widely adopted publication engages personnel at every level of an organization to ensure information security-focused processes and controls are implemented, maintained, and continuously improving. Rather than focusing solely on the establishment of information security controls, the ISMS challenges service providers to first consider risks and then develop processes that enable an effective control environment.

  • P2PE v3.0 – Why organizations should prepare now

    Andrey Sazonov, Senior Consultant, Application Validation, Coalfire

    The Payment Card Industry Security Standards Council (PCI SSC) published version 3.0 of the Point-To-Point Encryption (P2PE) standard back in December 2019. The new version simplifies and adds flexibility to the process for component and solution providers to validate their P2PE products for cardholder data protection efforts and will ultimately result in more PCI P2PE solutions available in the market. Organizations should prepare now for moving to the new standard.

  • So Long, Privacy Shield

    Paul Sonntag, Director, GDPR and Privacy

    In what’s rapidly becoming the splashiest news to hit the privacy space in years, the Court of Justice of the EU (CJEU), the highest court in the European Union, invalidated the U.S. Privacy Shield, a legal instrument that made it possible for organizations operating in the United States to transfer EU personal data to the U.S. To add to the impact, the CJEU provided no grace period for this change, meaning that the 5,000+ organizations currently enrolled in the Privacy Shield program are effectively out of compliance as of the decision’s publication on July 16.

  • So much compliance to do…so little time (and people!)

  • State privacy laws: 2020 highs and lows

    Elizabeth Crooks, Consultant, Privacy, Coalfire

    2020 is shaping up to be another interesting year for data privacy, especially given that public health agencies, private companies, and states are now working feverishly to create contact tracing apps and programs while still preserving privacy. Being thoughtful and accountable about data privacy is more important than ever, as some states have made very public mistakes in the rush to roll things out.
