.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Critical Security Control 19: The Incident Response Plan
by Geoff Yeagley on May 17, 2016 at 12:16 PM
In the world of Information Security, we have all heard of the Center for Internet Security Top 20 Critical Security Controls (CSC's) which is formerly known as the SANS Top 20. This is a list of the 20 IT Security Controls that an organization can implement to strengthen their IT Sec …
Ransomware Alert: Big Business and the Evolution of Phising
by Geoff Yeagley on May 3, 2016 at 1:20 PM
Ransomware is certainly nothing new as it has been around for several years, however, it sure is gaining quite a bit of attention these days. In fact, Ransomware is gaining so much attention that on Friday, the FBI released an article discussing the fact that ransomware is on the rise …
How Phishing Emails Can Cost You $40,000
by Geoff Yeagley on March 22, 2016 at 10:00 AM
To me, math is what makes the world work. If you think about it, just about everything involves math, especially when it comes to business. When I was going through my MBA program, I really underestimated the amount of math and calculations that you needed to perform for essentially e …
SSAE 16 SOC 2 Reports: What Are They?
by Geoff Yeagley on February 18, 2016 at 12:28 PM
The SSAE 16 process, on the surface, sounds confusing. Most of this has to do with the terminology that is used, particularly the similarity of the terms used. In this blog post we are going to cover what the SSAE 16 is, what the different SOC Reports, what are the different types of …
IT Risk Assessments and the SANS Top 20 - Part III
by Geoff Yeagley on February 16, 2016 at 10:56 AM
As we continue down our journey of discussing the importance of the SANS Top 20 Critical Security Controls, I want to make one important clarification that was brought to my attention by one of the readers of our blog. It should be noted that the controls that we are referring to in t …
IT Risk Assessments and the SANS Top 20 - Part II
by Geoff Yeagley on February 9, 2016 at 10:00 AM
We are in part II of the blog series that we are doing on the SANS Top 20 Critical Security Controls (CSC) and why organizations are using these controls as a foundation for their IT Risk Assessments. This week we are going to cover CSC's 6 through 10 and provide a little overview of …