.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
QR Code Package Scam: What You Need to Know
by Nicholas Foisy on February 14, 2025 at 1:14 PM
In recent months, reports of a new scam involving unexpected packages and QR codes have emerged, raising concerns among consumers and cybersecurity experts alike. This scam, which appears to be an evolution of the well-known "brushing" scheme, is designed to trick recipients into scan …
Cyber Insurance in 2025: Navigating Emerging Threats & Trends
by Kelly O’Brien on February 6, 2025 at 4:20 PM
As we enter 2025, the cyber insurance landscape is undergoing transformative changes driven by escalating cyber threats, shifting regulatory requirements, and evolving market conditions. Businesses must proactively stay informed on these trends to safeguard their digital assets, optim …
Physical Security Assessments: Covert Entry vs Escorted Walkthrough
by Patrick Laverty on January 31, 2025 at 1:53 PM
When businesses seek a third-party physical security assessment, they must decide on the most appropriate testing methodology to gauge their security posture. These methodologies may go by several names, but the concepts and approaches often fit into one of two categories: covert entr …
Domain Name Server (DNS) Hijacking Defined
by Peter Fellini on January 6, 2025 at 11:43 AM
The Domain Name System (DNS) serves as the backbone of internet communication, translating human-readable domain names into machine-readable IP addresses. Despite its importance, DNS is often targeted by malicious actors due to vulnerabilities that can compromise its integrity. One of …
Do SOC 2 Auditors Read and Review Code?
by Bernard Gallagher on December 26, 2024 at 1:04 PM
For organizations pursuing SOC 2 compliance, understanding the scope and focus of the audit process is crucial. A common question that arises is whether auditors review source code as part of the SOC 2 audit. Having clarity on this topic is essential, and organizations can benefit fro …
The Value of Penetration Testing in SOC 2 Audits
by Jerry Hughes on October 18, 2024 at 10:00 AM
Where data breaches and cyber threats have become increasingly common, organizations adopt robust security measures to protect their sensitive information. For businesses seeking SOC 2 compliance, penetration testing (pen testing) serves as an invaluable tool in assessing and enhancin …