.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Incident Response for Real
by Jesse Roberts on December 4, 2019 at 3:04 PM
Organizations are finally beginning to implement some type of incident response plans. Most of these plans revolve around NIST 800-61 Computer Security Incident Handling Guide. This guide is an amazing framework to help your organization get something in place, however, just referenci …
What You Can Do to Better Prepare Yourself for Holiday Scams
by David Bienkiewicz on November 27, 2019 at 1:29 PM
It’s that time of the year again! With the holiday season upon us, many criminals will be attempting to scam people via phishing emails. This time of the year (Black Friday, Christmas) is the most lucrative for attackers due to the fact that stores are having a crazy amount of sales w …
Guide to Improving Your Security Awareness Training
by Kyle Daun on November 20, 2019 at 1:00 PM
For the past 3 years that I’ve worked at Compass IT Compliance, I’ve had the opportunity to travel the country and meet with various clients ranging from small businesses with less than 10 people to organizations with offices around the world. The main constant that I have noticed wit …
Vendor Risk Management: Importance of Service Level Agreements
by Andrew Paull on November 13, 2019 at 1:00 PM
Every organization, at one point or another, regardless of maturity, complexity, or business vertical, will have a need to work with a vendor, partner, or client to move business goals forward and maintain functional operations. Although vendors, partners, and clients have different r …
Deciphering the PCI Testing Requirements of PCI-DSS Requirement 11
by Adam Cravedi on November 6, 2019 at 1:00 PM
PCI-DSS Requirement 11: Regularly test security systems and processes As a Qualified Security Assessor (QSA) organization and a security analyst, we receive many questions about meeting the various testing controls outlined within the Payment Card Industry Data Security Standard (PCI- …
Controlling the Boot Process of a Suspect System
by Danielle Corsa on October 30, 2019 at 1:00 PM
Retrieving electronic evidence is an imperative part of any forensic investigation. One must follow a strict set of processes in order to ensure the proper extraction of data and to maintain the integrity of the media, establish chain of custody, and document hash values.