The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.


  • Coalfire and HITRUST – 9 years, 1,000 engagements and counting

    Zach Shales, Senior Director, Cloud Infrastructure, Coalfire

    Since 2007, HITRUST® has offered programs that protect sensitive information and allow organizations to manage information risk globally across all industries and throughout the supply chain. In collaboration with information security, privacy, and risk management leaders from public and private sectors, they develop, maintain, and provide access to comprehensive risk and compliance management frameworks, and related assessment and assurance methodologies.

    Read more
  • Mining Splunk's Internal Logs

    Matt Alshab, IT Security Consultant, Technical Cyber Services, Coalfire Federal

    Splunk is great about logging its warnings and errors, but it won’t tell you about them – you have to ask!

    As the leading machine-generated data analysis software, it’s not surprising that Splunk excels at creating robust logs. The current version of Splunk Enterprise (v 8.05) generates 22 different logs (for a complete current list see: What Splunk logs about itself). These logs don't consume license usage, so other than disk space, there is no downside to all this logging, and the information the logs provide can be eye opening. The challenge for the Splunk administrator is getting a handle on these logs and using them to troubleshoot issues, find unknown errors, and improve performance.

    Read more
  • Using Azure Blueprints to Control Azure Compliance

    Doug Francis, Senior Consultant, Cloud Solutions Engineering, Coalfire

    As Peter Parker says, with great power comes great responsibility. And so it goes with public cloud: With cloud scale and agility come cloud-scale problems and compliance nightmares. Every day, IT professionals balance the need to act quickly—often leveraging cloud speed of execution to implement resources—with the need to control resource deployments in their efforts to maintain proper organizational compliance and security posture.

    Read more
  • Getting around the cybersecurity talent shortage

    Bob Post, Managing Principal, Strategy, Privacy, Risk

    More remote workers mean larger attack surfaces, and as cyber criminals take advantage of the rush to provision a remote workforce, the pain of the cybersecurity professionals’ shortage has become acute. Last year, the ISC(2) Workforce Study identified a shortage of 561,000 cybersecurity professionals in North America. Globally, that number is over 4,000,000 professionals. In April of this year, another ISC(2) survey found that 47 percent of the cybersecurity professionals surveyed were reassigned to other IT support activities while companies were ramping up to deal with the requirements of a newly remote workforce. As we move to “what’s next?”, how do enterprises obtain the needed resources and expertise to better address cyber risk in the new environment?

    Read more
  • PCI DSS version 4.0 – what we know so far

    Andrew Barratt, Managing Director, Europe

    From September 23 - November 13, 2020, stakeholders can participate in the Request for Comments (RFC) on the draft of PCI Data Security Standard (DSS) version 4.0. This is the second RFC for the PCI DSS v4.0 draft—the first RFC was in late 2019 and that feedback was incorporated into the draft.

    Read more
  • Displaying results 41-45 (of 163)
     |<  <  5 - 6 - 7 - 8 - 9 - 10 - 11 - 12 - 13 - 14  >  >| 

Recent Posts

Post Topics

Archives

Tags

Top