Compass IT Compliance Blog

IT Risk Assessment and the SANS Top 20 - Part IV

IT Risk Assessment and the SANS Top 20 - Part IV

I know, I know. Before you even say it, they are called the Center for Internet Security Critical Security Controls, not the SANS Top 20 anymore. But, everyone knows them as the SANS Top 20 and often times still refers to them by this name which is why I stuck with it for the final pa …

Read Story

SSAE 16 SOC 2 Reports: What Are They?

SSAE 16 SOC 2 Reports: What Are They?

The SSAE 16 process, on the surface, sounds confusing. Most of this has to do with the terminology that is used, particularly the similarity of the terms used. In this blog post we are going to cover what the SSAE 16 is, what the different SOC Reports, what are the different types of …

Read Story

IT Risk Assessments and the SANS Top 20 - Part III

IT Risk Assessments and the SANS Top 20 - Part III

As we continue down our journey of discussing the importance of the SANS Top 20 Critical Security Controls, I want to make one important clarification that was brought to my attention by one of the readers of our blog. It should be noted that the controls that we are referring to in t …

Read Story

The SANS Top 20, A Vulnerability Assessment, and Penetration Testing

The SANS Top 20, A Vulnerability Assessment, and Penetration Testing

The SANS Top 20 Critical Security Controls outline the 20 most critical controls that an organization should implement to ultimately reduce their overall risk of suffering a data breach. These controls were originally developed in 2008 by the NSA at the request of the Office of the Se …

Read Story

IT Risk Assessments and the SANS Top 20 - Part II

Electronic links lead to a blue digital lock

We are in part II of the blog series that we are doing on the SANS Top 20 Critical Security Controls (CSC) and why organizations are using these controls as a foundation for their IT Risk Assessments. This week we are going to cover CSC's 6 through 10 and provide a little overview of …

Read Story

IT Risk Assessment and the SANS Top 20 - Part I

Black and red cartoon bugs attack code

Last week we discussed the SANS Top 20 Critical Security Controls (CSC), what they are, and where they came from. This week we are going to start to dig into a handful of the Critical Security Controls to discuss what they are and why these controls are so important. In fact, industry …

Read Story

Subscribe by email