.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
FFIEC Guidance: Significant Changes to the Management Booklet
by Geoff Yeagley on November 18, 2015 at 10:00 AM
On November 10th, the Federal Financial Institutions Examination Council (FFIEC) issued a revised Management booklet which is a part of the IT Examination Handbook. This is considered a major revision of the booklet and the first one to take place since 2004. As just a quick overview, …
The Top 5 Reasons You Should Have a Vendor Management Program
by Geoff Yeagley on November 10, 2015 at 10:09 AM
Last week we talked about what Vendor Management is and really why you should care about it for your organization. This week we are going to outline the top 5 reasons, in no particular order, of why your organization needs to have a Vendor Management Program implemented and that makes …
IT Security vs. Regulatory Compliance: Which One Came First?
by Geoff Yeagley on October 1, 2015 at 2:03 PM
Security or Compliance. Which one should we focus on? On the surface, this almost sounds like the question of which came first, the chicken or the egg. But if we dig deeper, we start to see that while they are similar and have similar goals, they can be very different in how they are …
Difference Between Vulnerability Scanning & Penetration Testing
by Kyle Daun on September 17, 2015 at 9:39 AM
As an IT Security Auditor with Compass IT Compliance over the past few years, I have had the privilege of engaging with a diverse range of individuals, from Boston to Los Angeles, and many places in between. A question that comes up frequently is about the distinction between vulnerab …
Top PCI Compliance Myths Debunked
by Geoff Yeagley on September 1, 2015 at 10:00 AM
PCI Compliance is an industry regulation that we hear about all the time, yet there remains a significant amount of confusion around what is required, who needs to be compliant, and how to go about becoming PCI compliant. Couple this with the fact that regulations change frequently an …
Your PCI Risk Assessment: Security vs. Compliance
by Geoff Yeagley on May 14, 2015 at 8:58 AM
Most people often think that security and compliance are the same thing, especially when looking at conducting a PCI Risk Assessment. Truth is, these are two very different topics yet are interchanged very frequently. A good place for us to start is to define these terms so that we kn …