The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.


  • Remote Workforce is NOT the New Norm, but “Secure Work Anywhere” Should Be

    Jonathan Leach, Principal, Cyber Risk Services, Coalfire

    Secure Work Anywhere (SWA) is a new term for an old idea that is quickly becoming an industry standard. The overall principles of SWA are not new, but the risks associated with increased rates of workers connecting from potentially unsecure networks highlight the importance of those principles now more than ever. Although your workers may not always be remote, they should always be secure.

    Read more
  • Am I doing it right? An introspective look at "why it's like this"

    Adversary Ops, Coalfire

    Cybersecurity, as a practice within organizations, has existed for decades. Larger (or government) organizations have had dedicated cybersecurity functions in place since at least the ‘90s. By the early 2000s, organizations were appointing CISOs, and by the end of that decade over 85% of large organizations had a CISO, and by 2017, over 85% of ALL organizations have appointed a CISO.

    Read more
  • What to Expect in the initial FedRAMP briefing with your Agency Sponsor and the PMO

    Nick Peters, Senior Manager, FedRAMP Assurance Services, Coalfire

    Most people who have spent any time researching the FedRAMP authorization process know there are two routes for a Cloud Service Provider (CSP) to become FedRAMP authorized: Agency and Joint Authorization Board (JAB). Because of the limited number of CSPs selected each quarter for the JAB authorization process (FedRAMP Connect), many CSPs follow the agency authorization path. In fact, 77% of authorized CSPs have an Agency Authorization to Operate (ATO).

    Read more
  • FedRAMP – 8 years in and 100 assessments achieved

    Michael Carter, Vice President, Cyber Assurance – FedRAMP

    Back in 2011, if you had asked me what cloud computing was, I would have looked at you with a blank look on my face. At the time, I was supporting a Federal client when my boss asked me to assist in applying to become a 3PAO. I had no clue what 3PAO even stood for (it stands for Third-Party Assessment Organization), but I volunteered to support the cause.

    Read more
  • Cybersecurity Risk Management – From HIPAA to HITRUST

    Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire

    Cybersecurity risk management for healthcare organizations continues to be a perplexing issue. While it is explicit in the security management standard of the HIPAA Security Rule that a Covered Entity and their Business Associates must conduct an “accurate and thorough” risk analysis teamed with a plan to “implement security measures to reduce risks,” it is not immediately clear how this is to be accomplished.

    Read more
  • Displaying results 41-45 (of 136)
     |<  <  5 - 6 - 7 - 8 - 9 - 10 - 11 - 12 - 13 - 14  >  >| 

Recent Posts

Post Topics

Archives

Tags

Top