Virtual CISO: What’s the Benefit?
by Nicholas Foisy on December 13, 2019 at 3:30 PM
The Chief Information Security Officer (CISO) is a vital role within most organizations. Tasked with establishing and maintaining the organizational vision, strategy, and program to ensure information technology assets are adequately protected, this individual is often your primary de …
Incident Response for Real
by Jesse Roberts on December 4, 2019 at 3:04 PM
Organizations are finally beginning to implement some type of incident response plans. Most of these plans revolve around NIST 800-61 Computer Security Incident Handling Guide. This guide is an amazing framework to help your organization get something in place, however, just referenci …
What You Can Do to Better Prepare Yourself for Holiday Scams
by David Bienkiewicz on November 27, 2019 at 1:29 PM
It’s that time of the year again! With the holiday season upon us, many criminals will be attempting to scam people via phishing emails. This time of the year (Black Friday, Christmas) is the most lucrative for attackers due to the fact that stores are having a crazy amount of sales w …
Guide to Improving Your Security Awareness Training
by Kyle Daun on November 20, 2019 at 1:00 PM
For the past 3 years that I’ve worked at Compass IT Compliance, I’ve had the opportunity to travel the country and meet with various clients ranging from small businesses with less than 10 people to organizations with offices around the world. The main constant that I have noticed wit …
Vendor Risk Management: Importance of Service Level Agreements
by Andrew Paull on November 13, 2019 at 1:00 PM
Every organization, at one point or another, regardless of maturity, complexity, or business vertical, will have a need to work with a vendor, partner, or client to move business goals forward and maintain functional operations. Although vendors, partners, and clients have different r …
Deciphering the PCI Testing Requirements of PCI-DSS Requirement 11
by Adam Cravedi on November 6, 2019 at 1:00 PM
PCI-DSS Requirement 11: Regularly test security systems and processes. As a Qualified Security Assessor (QSA) organization and a security analyst, we receive many questions about meeting the various testing controls outlined within the Payment Card Industry Data Security Standard (PCI- …





