The Dangers of a Written Information Security Program (WISP)
by Joel Goloskie on February 22, 2018 at 10:30 AM
This is a guest post that was written by Joel Goloskie, Esq. Joel is Senior Counsel with Pannone, Lopes, Devereaux, & O'Gara in Boston. Joel is a member of the firm's Healthcare, Litigation, and Corporate & Business Teams. Joel advises and assists his clients on the various int …
The NIST Cybersecurity Framework - The Protect Function
by Geoff Yeagley on July 19, 2017 at 10:43 AM
For the second part of our series on the NIST Cybersecurity Framework, we are going to be discussing the Protect function. Last time we discussed the Identify function, which talked about the need to really understand your critical infrastructure, your systems, and the risks associated …
HIPAA Compliance and Audit Controls - What You Need to Know
by Geoff Yeagley on February 22, 2017 at 4:45 AM
If you have read the news lately on healthcare and specifically HIPAA, you probably saw references to a recent HIPAA settlement between Memorial Health Systems of Florida and the Department of Health and Human Services (HHS). I’m sure the amount of the settlement caught your attention …
5 Quick Tips To Help With Information Security
by Geoff Yeagley on November 29, 2016 at 1:30 PM
Information Security is a moving target. Once you "think" that you have it figured out, boom, here comes another new threat to knock you back on your heels and question just how strong your Information Security program is. That's the bad news. The good news is that we are going to giv …
IT GRC - Compliance
by Geoff Yeagley on August 2, 2016 at 11:34 AM
Over the past week we have been discussing an overview of IT Governance, Risk, and Compliance as well as diving into each of the components that make up this program. Today we are going to talk about the final piece of the IT GRC puzzle: Compliance.
Critical Security Control 19: The Incident Response Plan
by Geoff Yeagley on May 17, 2016 at 12:16 PM
In the world of Information Security, we have all heard of the Center for Internet Security Top 20 Critical Security Controls (CSCs), which was formerly known as the SANS Top 20. This is a list of the 20 IT Security Controls that an organization can implement to strengthen their IT Sec …