IT Security Horror Stories: Tale of the Fake IT Rep
Some IT security monsters aren't as obvious as a Mummy. At Coalfire Labs, we discover--and help our clients address--some pretty scary security and compliance problems. There are lots of deceptive monsters looking to exploit the weaknesses of their victims. This is one of those terrifying but true...
IT Security Horror Stories: Truth is Scarier Than Fiction
At Coalfire Labs, we discover--and help our clients address--some pretty scary security and compliance problems. Everyone's heard of blood-sucking cyber criminals looking for vulnerable IT systems. Even when organizations have protections in place, these monsters just won't give up. Their appetite ...
IT Security Horror Stories: The Case of the Phantom Technician
At Coalfire Labs, we discover--and help our clients address--a lot of scary security and compliance problems. Like zombies out looking for a victim, nefarious characters are out to attack your IT infrastructure and compromise your systems. Even when organizations have protections in place, the...
Coalfire Client FireHost Achieves HITRUST CSF Certification
Yesterday, we were delighted to see our long-time client FireHost announce that they achieved Common Security Framework (CSF) "Certified" status from the HITRUST Alliance. Headquartered in Richardson, Texas, FireHost has made compliance a top priority, and we've enjoyed working with them to achieve...
Cyber Security Legislation
October is Cyber Security Awareness Month: Get Informed and Get Involved on Cyber Legislation. Every October, the National Cyber Security Alliance sponsors National Cyber Security Awareness Month, and a growing number of businesses and institutions are joining the chorus. The White House got in o...
My DEFCON social engineering talk and DerbyCon
This year has been a year of firsts for me and for Coalfire. I was recently hired to my first information security job as a penetration tester for Coalfire Labs, the forensic and app/network testing side of Coalfire. Many of the Coalfire Labs team attended DEFCON in Las Vegas in early August. No...
BYOD Survey Results: Employees are not playing it safe with company data
Employers are seeing a drastic increase in the number of employees using personal smartphones and tablets in the office. This "Bring Your Own Device" (BYOD) trend is causing headaches for the IT department and there is no stopping this trend. Due to the sensitive nature of company information often...
Coalfire Certificates: Proof of a Job Well Done
Most security professionals don't like to boast about their good work. They would rather stay behind the scenes to keep systems and data protected from harm. However, companies also need to let customers and business partners know that they have a security program and are compliant with applicabl...
Proudly Supporting Our Country’s Navy Reserves
July is a month in which we celebrate our nation's independence, and we hope that you've had the chance to reflect on the many freedoms and blessings we enjoy as citizens of the United States. At Coalfire, we know full well that those freedoms have been paid for, at least in part, by America's...
VMware releases PCI Solution Guide and it has good news for compliance-oriented buyers
This month VMware released an important document, the VMware Solution Guide for Payment Card Industry (PCI). It's significant because it is the first document of its kind to map the PCI requirements - including those authored by the PCI SSC's Virtualization SIG - to a commercially-available stack of...
P2P Encryption Program now available from PCI Council
The PCI Council has updated the Point-to-Point Encryption (P2PE) program requirements (PDF). The update impacts merchants, payment applications, point of sale vendors and service providers. As a participating organization of the PCI P2PE task force, providing input into the standard, I wanted to...
Moving to the Cloud: Considerations for Implementing Cloud Migration Plans
Over 60 executive-level attendees came to the Omni Interlocken Resort in Broomfield, Colorado for the National Council of Higher Education Loan Programs (NCHELP) Spring convention and to hear from a panel of cloud experts on how the migration to cloud IT services could impact their business in the...
Coalfire Acquires Digital Resources Group in California
We have reached a new milestone at Coalfire and have announced the recent acquisition of privately held Digital Resources Group (DRG) in Redwood City, California. We are excited about our latest venture as it consolidates our leadership position within the IT Governance, Risk and Compliance (IT GRC)...
FISMA vs FedRAMP: Compliance requirement differences
Organizations that work with, or want to work with, government agencies must manage compliance with government regulations. Almost everyone is familiar with the FISMA compliance standards, but with the announcement of FedRAMP, which provides a structure to manage compliance requirements for "a clou...
The hackerproof password? Tips and advice on password management
Having some security expert tell you that you should be creating strong passwords that are unique per account and change frequently is like your dentist telling you that you should floss morning, night and after consuming any dentally dangerous foods. The majority of us say, "yeah right". The tru...
Surprises Ahead for Some Level 2 Merchants
The PCI DSS has been around for years, and most PCI "pros" are familiar with the processes needed to validate compliance. However, insiders often forget that small changes to the guidelines can have a big impact on merchants. One such change is upon us: MasterCard's new validation guidelines for...
Mobile Banking Malware: Protect Your Finances
The prolific rise in smartphones, tablets and other portable devices has greatly expanded the ways in which we interact with personal and professional services. The public can now singlehandedly use their mobile device to pay for things with the ease of flashing their cell phone. Unfortunately,...
What We Learned at HIMSS12
A few weeks ago, more than 35,000 healthcare IT professionals and 1,100 exhibitors converged on Las Vegas. Some were there to go shopping for "HIT" or health information technology; others were there to sell it. The IT professionals from across the healthcare spectrum were there to meet with each...
RSA 2012: Mobile, Cloud, and Intelligent Control
It was good to catch up with our customers and partners at RSA 2012 this week. Much of the buzz this year was around mobile devices and securing the cloud. We were glad to see innovative organizations introducing compliance-validated architectures based on these emerging technologies. One such...
The Budding Healthcare IT Spring
HIMSS12 is in full production in Las Vegas this week. Over 40,000 healthcare IT professionals and service providers have descended upon a conference that will set the direction for a new wave of technology innovations for the healthcare industry. Almost every booth has a sign that extols the...
Is your HIPAA Security and HITECH audit program in order?
Healthcare organizations have been working towards HIPAA and HITECH compliance for a few years now. "Surprise" HIPAA compliance audits conducted by the OCR have begun, and at Coalfire we've come across some gaps that have led organizations to fall short of their compliance initiatives...
Password Management: How many do you need to remember?
In today's online world, the proliferation of usernames and passwords has resulted in a cottage industry springing up to meet the need to keep track of them in a secure manner. Software and hardware providers have developed a number of unique approaches to deal with this problem, but they all...
Data Privacy Day 2012 – BYOD
January marks Data Privacy Month and on January 28th we celebrated Data Privacy Day. In the past year, we have seen an increase in the consumerization of IT and "Bring Your Own Device" (BYOD) in the enterprise. In honor of Data Privacy Day 2012, we have partnered with The Center for Identity at The...
Formalized IT Security Policy Now Required for Government Prime and Sub-contractors
This month the GSA announced an IT security mandate for government prime- and sub-contractors that requires them to have a formalized IT security plan that includes periodic audits. Many government sub-contractors, large and small, will benefit from a third-party compliance program review so they...
Coalfire in the News
It's been quite a season in the world of IT security as we move into 2012. As experts in our field, we are often asked to comment on current trends and recent stories. Take some time to check out what we have had to say recently:...
Electronic Health Records and Meaningful Use: Protecting Electronic Health Information
Since 2009, healthcare providers and other companies providing services to the healthcare industry have been mobilizing to take advantage of government incentives to implement Electronic Health Records or EHRs. These incentives were established by federal law as a part of the HITECH Act of 2009,...
Cyber Security Fraud in the Banking Industry: Lessons Learned in OCC Examiner Training
In late October 2011, Coalfire participated in a day of IT audit training with about 35 bank examiners. As you would expect, we covered a lot of previously hot topics. The conversation changed as we started talking about the amount of fraud being realized by community banks and credit unions...
What is Your Risk Assessment Worth?
A risk assessment provides your organization with a tool to determine how, where and how much to invest in controls and security over technology. It also serves to document the risk acceptance policy of your organization as the acceptable level of risk dictates the level of controls to be...
GivingFirst Launches online Charity Processing Service
In the spirit of the Holiday Season, Coalfire has made a significant contribution to GivingFirst.org in the form of free Penetration Testing services. GivingFirst is a Denver-based community foundation whose mission is "to improve quality of life by increasing community generosity and involvement...
Exercise your Incident Response Plan
So you've finally completed your Incident Response Plan. You've named your team, defined roles, documented standard operating procedures, and established escalation processes. Heck, you've even got training material. So now what?...
Cyber Security Awareness - Are you Doing All You Can to Stay Safe?
Every company has vulnerabilities and must learn to protect itself from fast-moving cyber threats. Below are a few tips to keep in mind as you examine your network security:...
Can we kick the attachment habit?
As consumers of messaging services, particularly email, we have become addicted to attachments. This habit has become an easy avenue for mounting cyber-attacks against an organization. In the 2010 Verizon Data Breach Investigations Report, conducted in cooperation with the United States Secret...
Recent Surveys Reveal Trends and Spending Habits for Retailers in PCI Compliance
Recently, Gartner Research released two separate research reports on retailer PCI DSS compliance progress, trends and strategies. These reports are based on a survey of 77 merchants of varying sizes and cover a wide range of topics, including compliance status, spending and the incidence of...
Phishing Season: Spam on the rise
Within the past two weeks there have been several reports on the increase in email spam, which can be directly correlated to an increase in phishing schemes and malware attacks. These attacks are frequently being delivered under the guise of legitimate business: they come in the form of shipment...
Coalfire Appoints Larry Jones to Board of Directors
We are proud to announce the election of Larry Jones to our board of directors. Larry is the former CEO of StarTek, Activant, Message Media and NeoData, and is a seasoned veteran in technology services. He also serves on the board of Comverge, Inc., a publicly traded provider of smart grid, deman...
New Guidelines Address PCI DSS Tokenization
"Tokenization" is one of the best techniques to reduce the risk of credit card data loss. Basically, it is the process of substituting sensitive data with other values not considered sensitive. By doing this, tokenization technology essentially removes anything of value from the data stream, and,...
Cyber Defense Summit 2011
On September 14, we will be partnering with InfraGard's New York City Alliance to host a one-day Cyber Defense Summit. This year we have seen a drastic increase in data breaches. As these hacks have become daily occurrences, enterprises must learn how to protect their data while simultaneously...
Viruses and Vendors Can Put Healthcare Data At Risk
A recent article in Healthcare Security Info highlights that computer viruses can cause security breaches, which can in turn compromise health care data and potentially violate the HIPAA and HITECH Act regulations. Beth Israel Deaconess Medical Center in Boston had to notify more than 2,000...
Where should CISO report?
A key question faced by many organizations in defining the role and responsibilities of the security organization is where to align the most senior information security executive, typically referred to as the Chief Information Security Officer (CISO). To answer this question it is important to...
Coalfire Systems Assessment: Merchant Link’s TransactionShield and TransactionVault Reduce Merchant’s PCI Scope
Merchants spend a lot of time and money developing IT controls programs to protect consumer credit card data. Through our work with thousands of retailers, we've learned that one of the best ways to contain costs and reduce risk is to keep cardholder data out of as many systems and business...
This Week: Coalfire Systems in the News
It's been quite a week in the world of IT security, and as experts in our field, we are often asked to comment on current trends and recent stories. Take some time to check out what we had to say recently:...
Coalfire Expands Dallas Office and Names Kurt Hagerman Managing Director
I am pleased to announce that our Dallas office is growing by leaps and bounds. Leading the charge is Kurt Hagerman, the newly appointed managing director. Kurt will serve more than 60 clients in the Southwest region and oversee Coalfire's strategic vision while building new client relationships f...
HIPAA Compliance and Call Centers
In a previous post titled Is It Safe to Speak? Protection for Telephone-Based Payment Card Data, I commented on the PCI SSC's new requirements for call center operations and recording systems. Call center security has been a hot topic for a long time. How safe is the information that is given over...
They Changed What? HIPAA & HITECH
In 1996, the Health Insurance Portability and Accountability Act (HIPAA) opened the door to increased exchanges of healthcare information in an effort to improve care and reduce costs. The Act included new provisions for protected health information (PHI). Since there are only a few limited revie...
Meet John Rostern: Managing Director of the New York Office
We are pleased to announce that John Rostern has joined Coalfire Systems as managing director of the New York office...
Botnets: 2011 Rocky Mountain Information Security Conference
Botnets have become one of the most dangerous cyber threats affecting businesses today. Botnet criminals focus on the same things as most criminals: money and information. That is why these criminals are targeting payroll, human resources departments, C-level executives and senior strategists...
Trust the ‘Cloud’ (just make sure you have it examined first)
In the wake of Amazon's Web Services disruption over the past few days, we think it is important to look at the case a little closer...
Mobile Application Security – The New Frontier
The power and popularity of consumer mobile computing is changing faster than you can say iFart, the #1 downloaded app worldwide. Commercial entities are rapidly adopting mobile-based applications for retail sales floors, restaurants and dining rooms, distributed mobile banking, and more...
Is it Safe to Speak? Protection for Telephone-Based Payment Card Data
Recently, the PCI Security Standards Council released educational resource requirements for securing cardholder data in audio recordings. The PCI SSC has been focusing on call center operations and recording systems of merchants. The need to provide a secure system to protect cardholder data is a...
Coalfire Systems Speaking at Shared Assessments Summit 2011
Do you know how to ensure reliability and resiliency in cloud and SaaS environments? Join leaders from within the IT outsourcing risk management industry at the Shared Assessments Summit 2011 in Boston on March 29 and 30. Coalfire is participating in this summit because the value of managing risk...