.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
What is Social Engineering? The Phishing Email
by Derek Morris on April 4, 2017 at 9:30 AM
What is Social Engineering? Part 2 The seemingly most common way for an attacker to use social engineering to gain entry, exfiltrate information or disrupt business is through email phishing. As I mentioned in the previous blog, slick tactics like using nicknames and shockingly proper …
PCI Compliance Requirements: Some Tools to Help With Requirement 10!
by Derek Morris on March 29, 2017 at 10:00 AM
PCI Requirement 10 states: Track and monitor all access to network resources and cardholder data Logging mechanisms and the ability to track user activities are critical in preventing, detecting and minimizing the impact of a data compromise. The presence of logs in all environments a …
HIPAA Compliance: 5 HIPAA Mistakes to Avoid!
by Derek Boczenowski on March 28, 2017 at 9:30 AM
Here at Compass, we have seen a huge upswing in the number of HIPAA / HITECH risk assessments we have been conducting over the last year. Covered entities (Doctors, Hospitals, Pharmacies) and health plans are obviously storing PHI (protected health information) and ePHI (electronic pr …
Why You Need an Incident Response Plan....Now!
by TJ Quirk on March 21, 2017 at 10:00 AM
You’ve been breached. Now what? New vulnerabilities are coming fast and furious. The unfortunate truth for most of us is, it’s not a matter of IF we are breached, it’s a matter of WHEN we are breached. Replace the worry with a plan - an Incident Response Plan. What qualifies as an inc …
IT Audit: Because you know I'm all about that Scope, 'bout that scope.
by Jerry Hughes on March 20, 2017 at 10:00 AM
The term IT Audit is so often used and misused by IT and business professionals in all industries. According to Wikipedia, IT Audit is defined as, “an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence deter …
What is Social Engineering? Part I
by Derek Morris on March 14, 2017 at 9:45 AM
This post will be the first part in a series of three blog posts that outlines some of the most common methods “hackers” use, from a very high level, to gain access to your systems though social engineering tactics. The next two posts will dig a bit deeper into the different methods, …