.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Phishing Examples: Even the Security Folks Get Targeted
by Geoff Yeagley on March 4, 2016 at 10:00 AM
We all hear about phishing emails. All the time. In fact, there is a never ending dialogue about phishing emails in the news, the most recent one being the IRS emailing to say that you owe them money and they are going to arrest you if you don't pay immediately. As a side note, this i …
IT Risk Assessment and the SANS Top 20 - Part IV
by Geoff Yeagley on February 23, 2016 at 11:00 AM
I know, I know. Before you even say it, they are called the Center for Internet Security Critical Security Controls, not the SANS Top 20 anymore. But, everyone knows them as the SANS Top 20 and often times still refers to them by this name which is why I stuck with it for the final pa …
SSAE 16 SOC 2 Reports: What Are They?
by Geoff Yeagley on February 18, 2016 at 12:28 PM
The SSAE 16 process, on the surface, sounds confusing. Most of this has to do with the terminology that is used, particularly the similarity of the terms used. In this blog post we are going to cover what the SSAE 16 is, what the different SOC Reports, what are the different types of …
IT Risk Assessments and the SANS Top 20 - Part III
by Geoff Yeagley on February 16, 2016 at 10:56 AM
As we continue down our journey of discussing the importance of the SANS Top 20 Critical Security Controls, I want to make one important clarification that was brought to my attention by one of the readers of our blog. It should be noted that the controls that we are referring to in t …
The SANS Top 20, A Vulnerability Assessment, and Penetration Testing
by Geoff Yeagley on February 11, 2016 at 10:00 AM
The SANS Top 20 Critical Security Controls outline the 20 most critical controls that an organization should implement to ultimately reduce their overall risk of suffering a data breach. These controls were originally developed in 2008 by the NSA at the request of the Office of the Se …
IT Risk Assessments and the SANS Top 20 - Part II
by Geoff Yeagley on February 9, 2016 at 10:00 AM
We are in part II of the blog series that we are doing on the SANS Top 20 Critical Security Controls (CSC) and why organizations are using these controls as a foundation for their IT Risk Assessments. This week we are going to cover CSC's 6 through 10 and provide a little overview of …