.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
OWASP Top 10: Why Compliance to OWASP Matters
by Jake Dwares on November 10, 2022 at 1:00 PM
During a recent web application penetration test, my Compass IT Compliance colleague Jesse Roberts was quickly able to identify and exploit a coding vulnerability on a client’s public facing web portal. As part of the engagement, Jesse was initially granted “standard user” access to t …
A Closer Look at PCI DSS v4.0 Vulnerability Scanning Requirements
by Danielle Corsa on November 4, 2022 at 11:00 AM
The Payment Card Industry Data Security Standard (PCI DSS) requires vulnerability scanning of any organization’s network assets. Quarterly network scans are required of all companies to be conducted by a certified third-party Approved Scanning Vendors (ASV) or Qualified Security Asses …
Only YOU Can Prevent Cyberattacks This October (And Beyond)
by Brian Kelly on October 13, 2022 at 4:30 PM
Some of you may be old enough to remember Smokey the Bear. Created in 1944, the Smokey Bear Wildfire Prevention campaign is the longest-running public service advertising campaign in U.S. history. In 1947, Smokey’s slogan became "Remember... Only YOU Can Prevent Forest Fires".
Self-Assessment Questionnaire (SAQ) A Changes in PCI DSS v4.0
by Kyle Daun on September 16, 2022 at 2:45 PM
With the recent updates to the Payment Card Industry Data Security Standard (PCI DSS) requirements, many organizations that are currently PCI compliant in accordance with version 3.2.1 may become noncompliant with version 4.0.
Using the HECVAT to Measure Vendor Risk
by Brian Kelly on September 8, 2022 at 1:00 PM
Not a day goes by without a conversation about third-party risk management. Our clients are being bombarded in all directions; asked by regulators, auditors, their clients, and customers alike to complete third-party risk assessments (SIG, CAIQ, HECVAT).
Your Guide To Cyber Liability Insurance
by Brian Kelly on August 31, 2022 at 1:00 PM
Unsafe at Any Speed: The Designed-In Dangers of the American Automobile is a non-fiction book by consumer advocate Ralph Nader, first published in 1965. Its central theme is that car manufacturers resisted the introduction of safety features (such as seat belts) and that they were gen …