.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Using the HECVAT to Measure Vendor Risk
by Brian Kelly on September 8, 2022 at 1:00 PM
Not a day goes by without a conversation about third-party risk management. Our clients are being bombarded in all directions; asked by regulators, auditors, their clients, and customers alike to complete third-party risk assessments (SIG, CAIQ, HECVAT).
Your Guide To Cyber Liability Insurance
by Brian Kelly on August 31, 2022 at 1:00 PM
Unsafe at Any Speed: The Designed-In Dangers of the American Automobile is a non-fiction book by consumer advocate Ralph Nader, first published in 1965. Its central theme is that car manufacturers resisted the introduction of safety features (such as seat belts) and that they were gen …
Are You Protecting Your Attack Surface?
by Kelly O’Brien on August 25, 2022 at 1:00 PM
Does your organization understand its attack surface? Gartner, Inc., a technological research and consulting firm, recently published the top trends in Cybersecurity for 2022, with attack surface expansion coming in at number one.
PCI DSS v4.0 ROC Changes – Coming Now to an Organization Near You!
by Derek Boczenowski on August 17, 2022 at 3:30 PM
The Payment Card Industry Data Security Standard (PCI DSS) version 4.0 is here! It has been released, the documents are available publicly for anyone who would like to read them, and forms for both the 900-pound level 1 Report on Compliance (ROC) and the Self-Assessment Questionnaires …
MSP Breaches Opening the Door to Further Attacks on Clients
by Jake Dwares on August 10, 2022 at 1:00 PM
Is your Managed Service Provider (MSP) protecting yours and your client’s data? Are you regularly assessing your MSP and the rest of your vendors? It is no secret that hackers have gained access to more and larger companies over the past few years, but a new malicious tactic is coming …
Access Control to Combat Domestic and Global Threats
by Bryan Borrayo on August 4, 2022 at 1:00 PM
By now, most cybersecurity professionals have heard of the term access control. Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data. Access control is comprised of two main components: authentication …