The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.

Updated: COVID-19 Incites Crimes of Opportunity

Mike Weber, Vice President, Coalfire Labs

On April 21, 2020, Mike Weber, vice president of innovation, updated his blog covering some of the top scams cybercriminals are unleashing on businesses as well as identifying the newest targets for those crimes. In the current panicked state of the economy, understanding the attack vectors is the smartest thing companies and individuals can do to remain cyber secure.
Read more
Privacy by Design: Building Customer Trust

Paul Sonntag, Director, GDPR and Privacy

Historically, the question of privacy has been the domain of the legal community. This makes perfect sense, because privacy has its roots almost exclusively in laws and regulations. The EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar regulations that are cropping up with increasing frequency around the world create a thorny regulatory environment, and figuring out how this network of laws applies to their respective organizations is a task best suited to the legal profession.
Read more
PCI DSS for Large Organizations: A Coalfire Perspective

Dan Stocker, Practice Director, Payments, Cloud & Tech

As organizations grow, PCI DSS responsibilities become more complex. Logically, they gain more interconnected relationships internally and with third parties. Multiple payment channels, complex network architectures, and large inventories of devices in scope require preparation before performing assessments or maintenance. As a result, large organizations need to evolve their approach to PCI DSS awareness and compliance management across the entire organization so that security becomes business as usual.
Read more
How the COVID-19 Epidemic is like Cybersecurity

Nick Vigier, CxO Advisor, Coalfire

Today, every citizen is on the front lines of the epidemic. We are flooded with information about staying safe, keeping an eye out, and left to process unfamiliar language. We are all suddenly doctors and epidemiologists analyzing information and predicting how the world is changing. With countless health professionals, scientists, and officials publishing cautionary tales, it may sound like when your organization’s CISO tells you that Cybersecurity is everyone’s job, and perhaps throws some cyber-jargon at you.
Read more
Should Cloud Service Providers be Concerned with FIPS 140-3?

Christine Biggs, Principal, FedRAMP & Assurance Services, Coalfire

If you’ve dealt with FedRAMP, you may already know that FIPS 140-2 is the standard for cryptographic modules published by the National Institute of Standards and Technology (NIST). All cloud service providers (CSPs) who wish to be FedRAMP compliant must use only crypto modules that have been validated by NIST in their Cryptographic Module Validation Program (CMVP) to ensure they comply with FIPS 140-2.
Read more

Displaying results 26-30 (of 416)

|< < 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 > >|

About
Coalfire started in 2001 with a simple idea – cyber threats are increasing, compliance mandates are getting more complicated, and a well-designed cybersecurity program can help fuel your overall success.

Coalfire helps organizations comply with global financial, government, industry and healthcare mandates while helping build the IT infrastructure and security systems that will protect their business from security breaches and data theft. The company is a leading provider of IT advisory services for security in retail, payments, healthcare, financial services, higher education, hospitality, government and utilities.

The Coalfire Board of Directors provides invaluable guidance for the organization and reflects Coalfire’s dedication to achieving success for our customers.

Coalfire’s executive leadership team comprises some of the most knowledgeable professionals in cybersecurity, representing many decades of experience leading and developing teams to outperform in meeting the security challenges of commercial and government clients. With diverse backgrounds in IT systems security, governmental security, compliance, and reducing risk while implementing the latest enabling technologies (such as the Cloud and IoT), our leaders understand the challenges customers face.

Security is a team game. If your organization values both independence and security, perhaps we should become partners.

With a passion for quality, Coalfire uses a process-driven quality approach to improve the customer experience and deliver unparalleled results.

Created in honor of the late co-founder of Coalfire, the Richard E. Dakin Fund at The Denver Foundation is supporting scholarship programs at several universities for promising college students studying cybersecurity and related fields.
Industries
The increased need for cyber security has become a common enterprise priority across the globe. However, industry requirements for effective cyber risk management are as distinct as the individual entities under fire. Enterprises and government organizations need more than an off-the-shelf audit to provide an effective threat assessment. They need industry- and organization-specific insights, tools and processes to protect digital assets and ensure compliance.

Coalfire can help cloud service providers prioritize the cyber risks to the company, and find the right cyber risk management and compliance efforts that keeps customer data secure, and helps differentiate products.

"Success" at a government entity looks different at a commercial organization. Create cybersecurity solutions to support your mission goals with a team that understands your unique requirements.

The financial services industry was built upon security and privacy. As cyber-attacks become more sophisticated, a strong vault and a guard at the door won’t offer any protection against phishing, DDoS attacks and IT infrastructure breaches.

The continuum of care is a concept involving an integrated system of care that guides and tracks patients over time through a comprehensive array of health services spanning all levels of care. Interoperability is the central idea to this care continuum making it possible to have the right information at the right time for the right people to make the right decisions.

Maintaining network and data security in any large organization is a major challenge for information systems departments. However, in the higher education environment, the protection of IT assets and sensitive information must be balanced with the need for ‘openness’ and academic freedom; making this a more difficult and complex task.

When it comes to cyber threats, the hospitality industry is not a friendly place. Hotels and resorts have proven to be a favorite target for cyber criminals who are looking for high transaction volume, large databases and low barriers to entry.

The payments industry is undergoing rapid changes and unfortunately, an increasing risk for data breaches. Cyber criminals are growing increasingly businesslike, and payments leaders need to move quickly to cover their cyber risk.

The global retail industry has become the top target for cyber terrorists, and the impact of this onslaught has been staggering to merchants. To secure the complex IT infrastructure of a retail environment, merchants must embrace enterprise-wide cyber risk management practices that reduces risk, minimizes costs and provides security to their customers and their bottom line.

Private enterprises serving government and state agencies need to be upheld to the same information management practices and standards as the organizations they serve. Coalfire has over 16 years of experience helping companies navigate increasing complex governance and risk standards for public institutions and their IT vendors.

Technology innovations are enabling new methods for corporations and governments to operate and driving changes in consumer behavior. The companies delivering these technology products are facilitating business transformation that provides new operating models, increased efficiency and engagement with consumers as businesses seek a competitive advantage.

Cybersecurity has entered the list of the top five concerns for U.S. electric utilities, and with good reason. According to the Department of Homeland Security, attacks on the utilities industry are rising "at an alarming rate".
Solutions
Cyber risk management, advisory, technology and compliance services. Manage risk and maximize return on investment to prevent data breaches and theft. Coalfire’s solutions are led by a team of industry experts that help enterprise organizations understand a wide range of compliance and risk management initiatives, which enables a consistent cybersecurity framework across the organization.
Application security
Securing the design, development, and deployment of your applications

Internet of Things security
Test the security of your IoT solution, end-to-end

Penetration testing
Understand vulnerabilities and implement remediation before they’re exploited
Social engineering
Evaluate risk, identify breakdowns in protections, and implement remediation strategies.

Threat modeling and attack simulation
Attack simulations help improve a threat model’s accuracy and secure your business.

Red team exercise
Test your organization’s defense against a simulated real-world attack
CoalCast podcast
Listen to real-life stories of our security team exploiting vulnerabilities

Research and development
Use malware and vulnerability research, open-source tools, and opinions to provide realistic adversary simulations
CoalfireOne overview
This powerful cloud-based platform delivers technology and insight to help you simplify compliance, reduce risks, and empower your enterprise’s security.

CoalfireOne assessment and project management
Developed and used by our own assessors, CoalfireOne provides a single place to access assessments tailored by our practice experts to fit your needs.

CoalfireOne scanning
Quickly configure and manage your needs for internal and external vulnerability scanning and PCI authorized scanning vendor (ASV) requirements.
CoalfireOne Compliance Management
CoalfireOne Compliance Management is a robust platform that helps you maintain and improve security with year-round visibility and proactive management of your compliance program.
CMMC
New cybersecurity framework required for all DoD suppliers

DEA EPCS
Simplify DEA EPCS compliance

DoD RMF
Certification and accreditation process for DoD
FedRAMP
Get FedRAMP authorized with the leading 3PAO

FFIEC
Reducing financial IT security risk

FISMA
Meet your FISMA authorization needs
HIPAA
Health data protection for all shapes and sizes

HITRUST
A risk management and third-party assurance solution

ISO management
An internationally recognized approach to information security
ITAR and EAR
ITAR and EAR advisory and assessment

NIST SP 800-171
Protect Controlled Unclassified Information for nonfederal

P2PE
Point-to-Point Encryption
PA-DSS/SSF
Payment application security validation

PCI DSS
PCI Data Security Standard compliance

PCI Forensic Investigator
Have you suffered a data breach of cardholder data?
SOC and SSAE 18
Establish and report controls to differentiate your organization

White paper services
Demonstrate your commitment to cybersecurity
Cyber performance review
Secure your IT perimeter and integrate the latest boundary protection for your business applications and critical data

Cyber solution integration and optimization
Team with Coalfire cybersecurity experts to help design, implement, and optimize your critical business applications

Defensive diagnostics and mitigation
Assess, plan, strengthen, and maintain your security posture
Product applicability guides
Expert opinions to showcase regulatory and security use of your products

Security operations and cyber dashboards
Make smart, strategic, and informed decisions about security events

Vulnerability assessment
Preemptively secure your systems while taking the strain off your security teams
CISO program management
Close the gaps in your cybersecurity leadership

Cyber breach services
Prepare for and resolve security incidents quickly and effectively to minimize your business impact

Cyber risk assessment
A structured approach to enabling cyber resilience
Gap advisory
Close the cybersecurity risk and compliance gap

Healthcare security risk analysis and advisory
Address risks facing today's healthcare organizations

M&A cyber due diligence
Evaluate risk throughout the merger or acquisition process
Privacy services
Privacy programs to secure consumer data

Strategy+ cybersecurity program assessment
Design, tune, and govern a cybersecurity program

Third party risk management
Trusted third-party risk assurance for businesses and service providers
Cloud security compliance
Ensure compliance of your cloud usage by leveraging our expertise across multiple frameworks and our extensive experience with more than 700 cloud service providers

Cloud security penetration testing
Identify risk and vulnerabilities across all devices, and apply solutions to mitigate security issues across your business’s entire cloud ecosystem

Cloud security risk assessment
Better understand the unique risks posed by the cloud and how to assess your cloud program to effectively identify cloud-specific risks and threats and close critical security gaps
Cloud security strategy and maturity assessment
Assess your cloud strategy and the maturity of your cloud security program, and then chart a path to a more secure program that aligns with business objectives

Accelerated cloud engineering
Build customized, automated processes so you can stand up and manage secure, compliant, audit-ready cloud environments to get to market faster
Resources
Careers
News & Events
Contact
- Locations
Search for:

Top

The Coalfire Blog

Recent Posts

Post Topics

Archives

RSS Feed

RSS Feed

Tags