The SANS Top 20, A Vulnerability Assessment, and Penetration Testing
by Geoff Yeagley on February 11, 2016 at 10:00 AM
The SANS Top 20 Critical Security Controls outline the 20 most critical controls that an organization should implement to ultimately reduce their overall risk of suffering a data breach. These controls were originally developed in 2008 by the NSA at the request of the Office of the Se …
IT Risk Assessments and the SANS Top 20 - Part II
by Geoff Yeagley on February 9, 2016 at 10:00 AM
We are in part II of the blog series that we are doing on the SANS Top 20 Critical Security Controls (CSC) and why organizations are using these controls as a foundation for their IT Risk Assessments. This week we are going to cover CSCs 6 through 10 and provide a little overview of …
IT Risk Assessment and the SANS Top 20 - Part I
by Geoff Yeagley on February 2, 2016 at 10:30 AM
Last week we discussed the SANS Top 20 Critical Security Controls (CSC), what they are, and where they came from. This week we are going to start to dig into a handful of the Critical Security Controls to discuss what they are and why these controls are so important. In fact, industry …
IT Risk Assessments and the SANS Top 20
by Geoff Yeagley on January 26, 2016 at 10:14 AM
No matter what industry you are in, conducting a thorough IT Risk Assessment is critical to your organization for a number of reasons. First, it gives you a point-in-time measurement of how your IT Security posture compares to either various regulations or IT Security Frameworks.
Social Engineering - What You Need to Know
by Geoff Yeagley on January 19, 2016 at 11:04 AM
For those of us in the Information Security world, we hear terms thrown around all the time that are often interchanged, confused, and sometimes misused. One of those terms is Social Engineering. On the surface, this is a confusing term that doesn't appear to have anything to do with …
Social Engineering - Mitigating Your Risk
by Geoff Yeagley on January 12, 2016 at 11:41 AM
As we look into 2016 and what trends are going to take place this year in the world of Information Security, there is one thing that we can predict with significant confidence: Employees will remain the biggest threat to your Information Security Program and ultimately the safety of t …