Compass IT Compliance Blog

QR Code Package Scam: What You Need to Know

QR Code Package Scam

In recent months, reports of a new scam involving unexpected packages and QR codes have emerged, raising concerns among consumers and cybersecurity experts alike. This scam, which appears to be an evolution of the well-known "brushing" scheme, is designed to trick recipients into scan …

Read Story

Aligning Zero Trust Principles with SOC 2 Trust Service Criteria

Zero Trust SOC 2 Compliance

Achieving SOC 2 compliance requires organizations to implement rigorous security controls, and adopting a Zero Trust approach can significantly enhance this effort. Zero Trust is built on the principle of “never trust, always verify”, ensuring that access to systems, data, and applica …

Read Story

CJIS Security Policy v6.0 – Key Updates You Need to Know

Criminal Justice Information Services (CJIS) Security Policy v6.0

The Criminal Justice Information Services (CJIS) Security Policy v6.0, released on December 27, 2024, introduces significant modernization efforts aimed at enhancing security, compliance, and risk management in handling Criminal Justice Information (CJI). As technology and cyber threa …

Read Story

Cyber Insurance in 2025: Navigating Emerging Threats & Trends

Cyber Liability Insurance

As we enter 2025, the cyber insurance landscape is undergoing transformative changes driven by escalating cyber threats, shifting regulatory requirements, and evolving market conditions. Businesses must proactively stay informed on these trends to safeguard their digital assets, optim …

Read Story

How Can I Hire a Virtual CISO For My Business?

How Can I Hire a Virtual CISO For My Business?

As cybersecurity threats continue to evolve, businesses—especially small and mid-sized enterprises (SMEs)—are increasingly recognizing the need for strong security leadership. However, hiring a full-time Chief Information Security Officer (CISO) may not always be feasible due to budge …

Read Story

New PCI Requirements Released for SAQ A Merchant Validation

New SAQ A Requirements

The PCI Security Standards Council (PCI SSC) recently introduced significant updates for merchants validating their compliance using Self-Assessment Questionnaire A (SAQ A). These updates, part of PCI DSS v4.0.1, reflect industry feedback and evolving security concerns, particularly t …

Read Story

Subscribe by email