.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Weighing Your Multi-Factor Authentication Options
by Jeffrey Torrance on April 14, 2022 at 2:30 AM
At this point most of us have heard that securing our accounts with only passwords, no matter how complex, is not enough. Do not get me wrong, requiring strong passwords (14 or more characters, composed of uppercase and lowercase letters, and including symbols and numbers) is essentia …
PCI DSS v4.0 Released – What Changes Were Made?
by Kyle Daun on April 4, 2022 at 2:15 PM
On January 1st, 2019, the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 came into effect replacing v3.2 which had been in place since October 31st, 2016. Many changes have occurred since January of 2019, one of which being the worldwide shut down in the first half of 2 …
Receiving a Scam Text… From My Own Phone Number
by Nicholas Foisy on March 30, 2022 at 5:00 PM
Throughout my years working in the IT security and compliance field I have had the opportunity to learn about dozens of different social engineering attack strategies that malicious actors will utilize to achieve their goals. This past weekend, I had the unique opportunity to witness …
It (Should) Be an MFA World, We Are Just Living in It
by Derek Boczenowski on March 24, 2022 at 3:15 PM
Last week I was working in front of my laptop (happily, for any Compass staff reading) when I got an incoming text message. It was from Verizon. They had received my service request and were working on it. It was quickly followed by another text saying I could check the status of my r …
Risk Management – Everyone Needs a Seat at the Table
by Donald Mills on March 17, 2022 at 1:00 PM
In the security world there’s a common saying that compliance isn’t security and security isn’t compliance. I believe what gets missed in this saying is the role proper risk assessments and risk management play in marrying up security and compliance.
Recommendations from CISA's Recent “Shields Up” Warning
by Jesse Roberts on March 10, 2022 at 2:00 PM
On February 26th, 2022, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued immediate Shields Up actions for organizations to take in response to the ongoing conflict with Russia. The basic guidelines are as follows: