The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, and Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.

  • New OCR-ready risk analysis: Why the confusion?

    Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire

    Are you ready for an Office for Civil Rights (OCR) investigation? Will your risk analysis and risk management methodologies and documents be sufficient to meet the HIPAA Security Rule?

  • Key scoping factors when pursuing ISO 27001 certification

    Jimmy Dilz, Senior Consultant, ISO Assurance, Coalfire

    Service providers that seek the most recognized implementation of an information security baseline and governance structure should consider the ISO/IEC 27001:2013 (“ISO 27001”) standard. The information security management system (ISMS) prescribed by this widely adopted publication engages personnel at every level of an organization to ensure information security-focused processes and controls are implemented, maintained, and continuously improving. Rather than focusing solely on the establishment of information security controls, the ISMS challenges service providers to first consider risks and then develop processes that enable an effective control environment.

  • P2PE v3.0 – Why organizations should prepare now

    Andrey Sazonov, Senior Consultant, Application Validation, Coalfire

    The Payment Card Industry Security Standards Council (PCI SSC) published version 3.0 of the Point-To-Point Encryption (P2PE) standard back in December 2019. The new version simplifies and adds flexibility to the process for component and solution providers to validate their P2PE products for cardholder data protection efforts and will ultimately result in more PCI P2PE solutions available in the market. Organizations should prepare now for moving to the new standard.

  • So Long, Privacy Shield

    Paul Sonntag, Director, GDPR and Privacy

    In what’s rapidly becoming the splashiest news to hit the privacy space in years, the Court of Justice of the EU (CJEU), the highest court in the European Union, invalidated the U.S. Privacy Shield, a legal instrument that made it possible for organizations operating in the United States to transfer EU personal data to the U.S. To add to the impact, the CJEU provided no grace period for this change, meaning that the 5,000+ organizations currently enrolled in the Privacy Shield program are effectively out of compliance as of the decision’s publication on July 16.

  • So much compliance to do…so little time (and people!)

    Kevin Tonkin, Vice President, Engineering

    In my seven years at Coalfire I've had the pleasure of working with dedicated compliance professionals at organizations of all shapes and sizes. Over time I've seen the pressure on these fine folks increase tenfold as the stream of new compliance obligations jumps its banks and becomes a flood. The pressure increases as their organizations try to enter new markets but find they’re thwarted because of new compliance requirements. I hear the same thing over and over – they have too much to do and not enough people to do it.

Displaying results 31-35 (of 142)
