We are frequently asked about the Experian Independent Third Party Assessment (EI3PA). The EI3PA is the set of assessment requirements Experian imposes on third parties that have access to credit history information. Not much of the documentation is publicly available, so we thought we would share our insights based on our experience and on reviewing the Experian guidance. The EI3PA came about because Experian wanted to make sure that credit history information shared with their partners was secured appropriately. Rather than create …
Lessons from the McDonald’s, Walgreens and other recent data breaches
Designing an effective Information Security Program is a process that requires a thorough knowledge of your assets (what you’re protecting) and the threat sources (the type of entity that might try to get it). Understanding these two factors is foundational to building an Infosec program. Based on the results of this characterization, you will have an idea of the level of security you need. For example, some workplaces have snacks in their lunch room that rely on the honor system. …
Healthcare Web Applications – The Security Achilles Heel
At Redspin we have a unique view of the security space, given that we are hired to perform security assessments of customer web applications all the time. Our clients want to know if a hacker can access their Electronically Protected Health Records. The answer, sadly, is often yes. Many times it is dreadfully easy. This week we accessed a customer portal chock full of EPHI using the classic ' or 1=1;-- trick (SQL injection). For those not technically inclined, this string …
You want a penetration testing job?
We take hiring pretty seriously and have a rigorous screening and background check process to find the “A Team.” While most of the process is uneventful, some of the applicants give us a good chuckle. Here is a list of some of our favorite candidates who didn’t make the grade: Taking the wrong path. First line of cover letter and resume: “I am required to inform you that I have a felony conviction for illegal hacking. My plea bargain requires …