603 matches found

The Coalfire Blog
added 2012/10/29 2:08 p.m., 16 views

IT Security Horror Stories: Tale of the Fake IT Rep

Some IT security monsters aren't as obvious as a Mummy. At Coalfire Labs, we discover--and help our clients address--some pretty scary security and compliance problems. There are lots of deceptive monsters looking to exploit the weaknesses of their victims. This is one of those terrifying but true...

The Coalfire Blog
added 2012/10/29 1:56 p.m., 11 views

IT Security Horror Stories: Truth is Scarier Than Fiction

At Coalfire Labs, we discover--and help our clients address--some pretty scary security and compliance problems. Everyone's heard of blood-sucking cyber criminals looking for vulnerable IT systems. Even when organizations have protections in place, these monsters just won't give up. Their appetite ...

The Coalfire Blog
added 2012/10/29 1:45 p.m., 13 views

IT Security Horror Stories: The Case of the Phantom Technician

At Coalfire Labs, we discover--and help our clients address--a lot of scary security and compliance problems. Like zombies out looking for a victim, nefarious characters are out to attack your IT infrastructure and compromise your systems. Even when organizations have protections in place, the...

The Coalfire Blog
added 2012/10/19 12:22 p.m., 16 views

Coalfire Client FireHost Achieves HITRUST CSF Certification

Yesterday, we were delighted to see our long-time client FireHost announce that they achieved Common Security Framework (CSF) "Certified" status from the HITRUST Alliance. Headquartered in Richardson, Texas, FireHost has made compliance a top priority, and we've enjoyed working with them to achieve...

The Coalfire Blog
added 2012/10/04 1:45 p.m., 14 views

Cyber Security Legislation

October is Cyber Security Awareness Month: Get Informed and Get Involved on Cyber Legislation. Every October, the National Cyber Security Alliance sponsors National Cyber Security Awareness Month, and a growing number of businesses and institutions are joining the chorus. The White House got in o...

The Coalfire Blog
added 2012/09/11 12:14 p.m., 12 views

My DEFCON social engineering talk and DerbyCon

This year has been a year of firsts for me and for Coalfire. I was recently hired to my first information security job as a penetration tester for Coalfire Labs, the forensic and app/network testing side of Coalfire. Many of the Coalfire Labs team attended DEFCON in Las Vegas in early August. No...

The Coalfire Blog
added 2012/08/14 10:26 p.m., 20 views

BYOD Survey Results: Employees are not playing it safe with company data

Employers are seeing a drastic increase in the number of employees using personal smartphones and tablets in the office. This "Bring Your Own Device" (BYOD) trend is causing headaches for the IT department, and there is no stopping it. Due to the sensitive nature of company information often...

The Coalfire Blog
added 2012/07/18 12:58 p.m., 23 views

Coalfire Certificates: Proof of a Job Well Done

Most security professionals don't like to boast about their good work. They would rather stay behind the scenes to keep systems and data protected from harm. However, companies also need to let customers and business partners know that they have a security program and are compliant with applicabl...

The Coalfire Blog
added 2012/07/10 9:42 a.m., 10 views

Proudly Supporting Our Country’s Navy Reserves

July is a month in which we celebrate our nation's independence, and we hope that you've had the chance to reflect on the many freedoms and blessings we enjoy as citizens of the United States. At Coalfire, we know full well that those freedoms have been paid for, at least in part, by the Americas...

The Coalfire Blog
added 2012/06/22 3:41 p.m., 11 views

VMware releases PCI Solution Guide and it has good news for compliance-oriented buyers

This month VMware released an important document, the VMware Solution Guide for Payment Card Industry (PCI). It's significant because it is the first document of its kind to map the PCI requirements - including those authored by the PCI SSC's Virtualization SIG - to a commercially available stack of...

The Coalfire Blog
added 2012/05/25 2:18 p.m., 12 views

P2P Encryption Program now available from PCI Council

The PCI Council has updated the Point-to-Point Encryption (P2PE) program requirements (PDF). The update impacts merchants, payment applications, point-of-sale vendors and service providers. As a participating organization of the PCI P2PE task force, providing input into the standard, I wanted to...

The Coalfire Blog
added 2012/05/25 1:13 p.m., 12 views

Moving to the Cloud: Considerations for Implementing Cloud Migration Plans

Over 60 executive-level attendees came to the Omni Interlocken Resort in Broomfield, Colorado for the National Council of Higher Education Loan Programs (NCHELP) Spring convention and to hear from a panel of cloud experts on how the migration to cloud IT services could impact their business in the...

The Coalfire Blog
added 2012/05/10 11:12 a.m., 18 views

Coalfire Acquires Digital Resources Group in California

We have reached a new milestone at Coalfire and have announced the recent acquisition of privately held Digital Resources Group (DRG) in Redwood City, California. We are excited about our latest venture as it consolidates our leadership position within the IT Governance, Risk and Compliance (IT GRC)...

The Coalfire Blog
added 2012/05/03 5:47 p.m., 15 views

FISMA vs FedRAMP: Compliance requirement differences

Organizations that work with, or want to work with, government agencies must comply with government compliance regulations. Almost everyone is familiar with the FISMA compliance standards, but with the announcement of FedRAMP, which provides a structure to manage compliance requirements for "a clou...

The Coalfire Blog
added 2012/05/02 7:56 a.m., 13 views

The hackerproof password? Tips and advice on password management

Having some security expert tell you that you should be creating strong passwords that are unique per account and change frequently is like your dentist telling you that you should floss morning, night and after consuming any dentally dangerous foods. The majority of us say, "yeah right". The tru...

The Coalfire Blog
added 2012/04/12 2:10 p.m., 9 views

Surprises Ahead for Some Level 2 Merchants

The PCI DSS has been around for years, and most PCI "pros" are familiar with the processes needed to validate compliance. However, insiders often forget that small changes to the guidelines can have a big impact on merchants. One such change is upon us: MasterCard's new validation guidelines for...

The Coalfire Blog
added 2012/04/02 7:02 a.m., 11 views

Mobile Banking Malware: Protect Your Finances

The prolific rise in smartphones, tablets and other portable devices has greatly expanded the ways in which we interact with personal and professional services. The public can now singlehandedly use their mobile device to pay for things with the ease of flashing their cell phone. Unfortunately,...

The Coalfire Blog
added 2012/03/16 12:22 p.m., 16 views

What We Learned at HIMSS12

A few weeks ago, more than 35,000 healthcare IT professionals and 1,100 exhibitors converged on Las Vegas. Some were there to go shopping for "HIT" or health information technology; others were there to sell it. The IT professionals from across the healthcare spectrum were there to meet with each...

The Coalfire Blog
added 2012/03/02 3:30 p.m., 11 views

RSA 2012: Mobile, Cloud, and Intelligent Control

It was good to catch up with our customers and partners at RSA 2012 this week. Much of the buzz this year was around mobile devices and securing the cloud. We were glad to see innovative organizations introducing compliance-validated architectures based on these emerging technologies. One such...

The Coalfire Blog
added 2012/02/23 1:24 p.m., 10 views

The Budding Healthcare IT Spring

HIMSS12 is in full production in Las Vegas this week. Over 40,000 healthcare IT professionals and service providers have descended upon a conference that will set the direction for a new wave of technology innovations for the healthcare industry. Almost every booth has a sign that extols the...

The Coalfire Blog
added 2012/02/20 12:25 p.m., 18 views

Is your HIPAA Security and HITECH audit program in order?

Healthcare organizations have been working towards HIPAA and HITECH compliance for a few years now. "Surprise" HIPAA compliance audits conducted by the OCR have begun, and at Coalfire we've come across some gaps that have led organizations to fall short of their compliance initiatives...

The Coalfire Blog
added 2012/02/18 12:05 a.m., 13 views

Password Management: How many do you need to remember?

In today's online world, the proliferation of usernames and passwords has resulted in a cottage industry springing up to meet the need to keep track of them in a secure manner. Software and hardware providers have developed a number of unique approaches to deal with this problem, but they all...

The Coalfire Blog
added 2012/01/30 3:51 p.m., 13 views

Data Privacy Day 2012 – BYOD

January marks Data Privacy Month, and on January 28th we celebrated Data Privacy Day. In the past year, we have seen an increase in the consumerization of IT and "Bring Your Own Device" (BYOD) in the enterprise. In honor of Data Privacy Day 2012, we have partnered with The Center for Identity at The...

The Coalfire Blog
added 2012/01/20 4:13 p.m., 9 views

Formalized IT Security Policy Now Required for Government Prime and Sub-contractors

This month the GSA announced an IT security mandate for government prime- and sub-contractors that requires them to have a formalized IT security plan that includes periodic audits. Many government sub-contractors, large and small, will benefit from a third-party compliance program review so they...

The Coalfire Blog
added 2012/01/17 12:30 p.m., 14 views

Coalfire in the News

It's been quite a season in the world of IT security as we move into 2012. As experts in our field, we are often asked to comment on current trends and recent stories. Take some time to check out what we have had to say recently:...

The Coalfire Blog
added 2012/01/09 3:33 p.m., 12 views

Electronic Health Records and Meaningful Use: Protecting Electronic Health Information

Since 2009, healthcare providers and other companies providing services to the healthcare industry have been mobilizing to take advantage of government incentives to implement Electronic Health Records or EHRs. These incentives were established by federal law as a part of the HITECH Act of 2009,...

The Coalfire Blog
added 2012/01/03 8:59 p.m., 14 views

Cyber Security Fraud in the Banking Industry: Lessons Learned in OCC Examiner Training

In late October 2011, Coalfire participated in a day of IT audit training with about 35 bank examiners. As you would expect, we covered a lot of previously hot topics. The conversation changed as we started talking about the amount of fraud being realized by community banks and credit unions...

The Coalfire Blog
added 2011/12/08 2:42 p.m., 7 views

What is Your Risk Assessment Worth?

A risk assessment provides your organization with a tool to determine how, where and how much to invest in controls and security over technology. It also serves to document the risk acceptance policy of your organization as the acceptable level of risk dictates the level of controls to be...

The Coalfire Blog
added 2011/12/06 10:20 a.m., 9 views

GivingFirst Launches online Charity Processing Service

In the spirit of the Holiday Season, Coalfire has made a significant contribution to GivingFirst.org in the form of free Penetration Testing services. GivingFirst is a Denver-based community foundation whose mission is "to improve quality of life by increasing community generosity and involvement...

The Coalfire Blog
added 2011/11/07 6:45 p.m., 10 views

Exercise your Incident Response Plan

So you've finally completed your Incident Response Plan. You've named your team, defined roles, documented standard operating procedures, and established escalation processes. Heck, you've even got training material. So now what?...

The Coalfire Blog
added 2011/10/26 7:45 p.m., 19 views

Cyber Security Awareness - Are you Doing All You Can to Stay Safe?

Every company has vulnerabilities and must learn to protect itself from fast-moving cyber threats. Below are a few tips to keep in mind as you examine your network security:...

The Coalfire Blog
added 2011/10/11 2:56 p.m., 8 views

Can we kick the attachment habit?

As consumers of messaging services, particularly email, we have become addicted to attachments. This habit has become an easy avenue for mounting cyber-attacks against an organization. In the 2010 Verizon Data Breach Investigations Report, conducted in cooperation with the United States Secret...

The Coalfire Blog
added 2011/09/06 4:11 p.m., 18 views

Recent Surveys Reveal Trends and Spending Habits for Retailers in PCI Compliance

Recently, Gartner Research released two separate research reports on retailer PCI DSS compliance progress, trends and strategies. These reports are based on a survey of 77 merchants of varying sizes and cover a wide range of topics, including compliance status, spending and the incidence of...

The Coalfire Blog
added 2011/09/01 4:11 p.m., 19 views

Phishing Season: Spam on the rise

Within the past two weeks there have been several reports on the increase in email spam, which can be directly correlated to an increase in phishing schemes and malware attacks. These attacks are frequently being delivered under the guise of legitimate business: they come in the form of shipment...

The Coalfire Blog
added 2011/08/29 4:25 p.m., 14 views

Coalfire Appoints Larry Jones to Board of Directors

We are proud to announce the election of Larry Jones to our board of directors. Larry is the former CEO of StarTek, Activant, Message Media and NeoData, and is a seasoned veteran in technology services. He also serves on the board of Comverge, Inc., a publicly traded provider of smart grid, deman...

The Coalfire Blog
added 2011/08/19 4:37 p.m., 9 views

New Guidelines Address PCI DSS Tokenization

"Tokenization" is one of the best techniques to reduce the risk of credit card data loss. Basically, it is the process of substituting sensitive data with other values not considered sensitive. By doing this, tokenization technology essentially removes anything of value from the data stream, and,...

The Coalfire Blog
added 2011/08/16 4:44 p.m., 10 views

Cyber Defense Summit 2011

On September 14, we will be partnering with InfraGard's New York City Alliance to host a one-day Cyber Defense Summit. This year we have seen a drastic increase in data breaches. As these hacks have become daily occurrences, enterprises must learn how to protect their data while simultaneously...

The Coalfire Blog
added 2011/08/09 4:48 p.m., 11 views

Viruses and Vendors Can Put Healthcare Data At Risk

A recent article in Healthcare Security Info highlights that computer viruses can cause security breaches that can in turn compromise health care data and potentially violate the HIPAA and HITECH Act regulations. Beth Israel Deaconess Medical Center in Boston had to notify more than 2,000...

The Coalfire Blog
added 2011/07/06 4:53 p.m., 9 views

Where should CISO report?

A key question faced by many organizations in defining the role and responsibilities of the security organization is where to align the most senior information security executive, typically referred to as the Chief Information Security Officer (CISO). To answer this question it is important to...

The Coalfire Blog
added 2011/06/23 4:58 p.m., 11 views

Coalfire Systems Assessment: Merchant Link’s TransactionShield and TransactionVault Reduce Merchant’s PCI Scope

Merchants spend a lot of time and money developing IT controls programs to protect consumer credit card data. Through our work with thousands of retailers, we've learned that one of the best ways to contain costs and reduce risk is to keep cardholder data out of as many systems and business...

The Coalfire Blog
added 2011/06/15 5:02 p.m., 10 views

This Week: Coalfire Systems in the News

It's been quite a week in the world of IT security, and as experts in our field, we are often asked to comment on current trends and recent stories. Take some time to check out what we had to say recently:...

The Coalfire Blog
added 2011/06/14 5:25 p.m., 15 views

Coalfire Expands Dallas Office and Names Kurt Hagerman Managing Director

I am pleased to announce that our Dallas office is growing by leaps and bounds. Leading the charge is Kurt Hagerman, the newly appointed managing director. Kurt will serve more than 60 clients in the Southwest region and oversee Coalfire's strategic vision while building new client relationships f...

The Coalfire Blog
added 2011/06/09 12:08 a.m., 14 views

HIPAA Compliance and Call Centers

In a previous post titled "Is It Safe to Speak? Protection for Telephone-Based Payment Card Data", I commented on the PCI SSC's new requirements for call center operations and recording systems. Call center security has been a hot topic for a long time. How safe is the information that is given over...

The Coalfire Blog
added 2011/05/24 7:16 a.m., 15 views

They Changed What? HIPAA & HITECH

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) opened the door to increased exchanges of healthcare information in an effort to improve care and reduce costs. The Act included new provisions for protected health information (PHI). Since there are only a few limited revie...

The Coalfire Blog
added 2011/05/11 12:38 a.m., 16 views

Meet John Rostern: Managing Director of the New York Office

We are pleased to announce that John Rostern has joined Coalfire Systems as managing director of the New York office...

The Coalfire Blog
added 2011/05/09 12:43 a.m., 14 views

Botnets: 2011 Rocky Mountain Information Security Conference

Botnets have become one of the most dangerous cyber threats affecting businesses today. Botnet criminals focus on the same things as most criminals: money and information. That is why these criminals are targeting payroll, human resources departments, C-level executives and senior strategists...

The Coalfire Blog
added 2011/04/26 12:53 a.m., 24 views

Trust the ‘Cloud’ (just make sure you have it examined first)

In the wake of Amazon's Web Services disruption over the past few days, we think it is important to look at the case a little closer...

The Coalfire Blog
added 2011/04/18 11:03 a.m., 10 views

Mobile Application Security – The New Frontier

The power and popularity of consumer mobile computing is changing faster than you can say iFart, the #1 downloaded app worldwide. Commercial entities are rapidly adopting mobile-based applications for retail sales floors, restaurants and dining rooms, distributed mobile banking, and more...

The Coalfire Blog
added 2011/04/12 11:06 a.m., 12 views

Is it Safe to Speak? Protection for Telephone-Based Payment Card Data

Recently, the PCI Security Standards Council released educational resource requirements for securing cardholder data in audio recordings. The PCI SSC has been focusing on call center operations and recording systems of merchants. The need to provide a secure system to protect cardholder data is a...

The Coalfire Blog
added 2011/03/25 11:10 a.m., 12 views

Coalfire Systems Speaking at Shared Assessments Summit 2011

Do you know how to ensure reliability and resiliency in cloud and SaaS environments? Join leaders from within the IT outsourcing risk management industry at the Shared Assessments Summit 2011 in Boston on March 29 and 30. Coalfire is participating in this summit because the value of managing risk...
