Compass IT Compliance Blog

MS-ISAC Warning About Emotet Malware

Introduction to Business Continuity Planning

PCI Requirement 12 - People, Policies, and Processes Time!

PCI Requirement 11 - Testing, Testing, 1, 2, 3!

PCI Requirement 10 - Big Brother is Watching!

PCI Requirement 9 – Lock the Doors and Don’t Forget the Windows Too!

The NIST Cybersecurity Framework - The Recover Function

PCI Requirement 8 - Identify, Authenticate, and Authorize!!

PCI Requirement 7 - Thou Shall Not Pass!

Defending From Within

PCI Requirement 6 - Patches and Scanning and Coding, Oh My!

Information Security - Don't Just Check the Box!

The NIST Cybersecurity Framework Functions - Respond

PCI Requirement 5 - Update and Scan

PCI Requirement 4 – Hide in Plain Sight

WannaCry Lives On! Have we Learned Anything?

The NIST Cybersecurity Framework Functions - Detect

Data Classification - Understanding the Basics

The NIST Cybersecurity Framework Functions - Protect

New Version of the Critical Security Controls Released

Why a Risk Assessment is the Beginning of Security, Not the End!

PCI Documentation - Man's Best Friend!

Online Banking for Businesses – How to protect yourself

PCI Requirement 3 - Don't Store Cardholder Data!!

More Phishing Examples - Tax Scams!

The NIST Cybersecurity Framework - An Overview

The Dangers of a Written Information Security Program (WISP)

How To Prevent Phishing? More Like How To Train Your (Dragon) End-User

Why Have a Dedicated Information Security Officer?

PCI Requirements Explained - PCI Requirement 2 - Change Your Defaults!

SOC 2 Reports - Ready, Set, Go!

Urgent Cisco Vulnerability Identified - What You Need To Know!

PCI Requirements Explained - PCI Requirement 1 - Defending the Wall

PCI Compliance Requirements – January 31st is Quickly Approaching

What is My Password? How About a Passphrase Instead?

The PCI Compliance Checklist - A Tool to Help You Monitor Your Compliance

Ransomware Examples - Locky is Back and Worse Than Ever!

Bluetooth Security - What You Need to Know About the BlueBorne Attack

Federal Contractors and Subcontractors - Complying with NIST 800-171

Beware of Hurricane Harvey Phishing Scams

Urgent Alert - New Spear Phishing Attack

The NIST Cybersecurity Framework - The Detect Function

The NIST Cybersecurity Framework - The Protect Function

Another Day, Another Major Ransomware Outbreak..

Phishing Examples: Even the Security Folks Get Targeted...Again!

The NIST Cybersecurity Framework - The Identify Function

What is the NIST Cybersecurity Framework?

What is PII? Important Distinctions in Information Security

WanaCry Ransomware: A Survival Guide

PCI Compliance Levels: How To Determine What Level You Are

Ransomware Alert: New Strain in the Wild

Phishing Examples: Google Docs Scam

Social Engineering Techniques, the Stealth Bomber, and You!

Why Your Information Security Program Must Evolve...NOW!

What is Social Engineering? Part III

What is PCI Compliance?

What is Social Engineering? The Phishing Email

PCI Compliance Requirements: Some Tools to Help With Requirement 10!

HIPAA Compliance: 5 HIPAA Mistakes to Avoid!

Why You Need an Incident Response Plan....Now!

IT Audit: Because you know I'm all about that Scope, 'bout that scope.

What is Social Engineering? Part I

Phishing Examples - Protect Yourself From Ransomware

Phishing Examples: Grizzly Steppe and What You Need To Know

HIPAA Compliance and Audit Controls - What You Need to Know

The Key to Vendor Management: Truly Knowing Your Vendors!

The Ingredients in a SOC Report

What is HIPAA Compliance? Just the Facts...

The PCI SAQ: Which One is Right for You?

Social Engineering Techniques and How Yahoo Put Us All At Risk

Vendor Management Requirements for Financial Institutions in New York

5 Quick Tips To Help With Information Security

How to Secure WiFi in 5 Simple Steps

What is a PCI ROC? 4 Reasons Why You Need One

Using SOC Reports to Comply with HIPAA

The Importance of IT Policies and Procedures

Ransomware - The Hurricane of Information Security

Cybersecurity Awareness Month - People, Process, and Technology

Infosec and Financial Institutions: New York's Proposed Legislation

The Significance of a (SOC)ket – Illuminating the Controls

Ransomware Update: The FBI is Coming, The FBI is Coming...

How To Find Your Matching SOC Report in a Basket of Wrinkled Guidance

From Brute Force to the Phishing Email: How Hacking Has Changed

IT Security in 2016: Phishing and Ransomware Remain Challenges

Why Your Staff Needs Security Awareness Training Now!

What is Phishing?

Moving From SSAE 16 to SSAE 18....

IT GRC - Compliance

IT GRC - Let's Talk About Risk!

IT GRC - What is IT Governance?

SSAE 16 SOC 2 Report: The 5 Trust Principles

AT 101 SOC 2 Report: What is a Section III?

SSAE 16 SOC 2: Differences Between Type I and Type II Reports

SSAE 16 SOC 2 Reports: How Are They Different From Other SOC Reports?

3 Reasons Why You Need a HIPAA Risk Assessment Right Now

The State of Security: Healthcare Security and a HIPAA Audit

Why You Need an Incident Response Plan Now!

Critical Security Control 19: The Incident Response Plan

Don't Let Ransomware Take Your Money: How an Incident Response Plan Can Help!

Ransomware Alert: Big Business and the Evolution of Phishing

PCI Compliance - PCI DSS 3.2 By the Numbers

PCI Compliance - PCI DSS 3.2 is Coming!

Phishing - Even the Security Folks get Targeted Part II

Phishing Emails, Ransomware, and the Government

Phishing Email + Ransomware = $40,000

Information Security Programs: Where to Start?

The HIPAA Risk Assessment - Who Needs One and When?

Phishing Examples: Even the Security Folks Get Targeted

How are Star Wars and the Numbers 1-6 Related?

IT Risk Assessment and the SANS Top 20 - Part IV

SSAE 16 SOC 2 Reports: What Are They?

IT Risk Assessments and the SANS Top 20 - Part III

The SANS Top 20, A Vulnerability Assessment, and Penetration Testing

IT Risk Assessments and the SANS Top 20 - Part II

IT Risk Assessment and the SANS Top 20 - Part I

PCI Compliance - New Requirements for Level 4 Merchants

IT Risk Assessments and the SANS Top 20

Social Engineering - What You Need to Know

Social Engineering - Mitigating Your Risk

IT Security in 2016: What Comes Next?

The HIPAA Risk Assessment: The First Step in a Long Journey

FFIEC Guidance: Revision vs. Update and a Webinar Invitation

IT Security Best Practices: Segregation of Duties

The Best Cyber Monday Gift: A Security Risk Assessment

The Case for the PCI ROC: When to Perform One Over an SAQ

FFIEC Guidance: Significant Changes to the Management Booklet

The Top 5 Reasons You Should Have a Vendor Management Program

What is a Vendor Management Program and Why Should You Care?

PCI Compliance and the Transition to EMV

IT Security vs. Regulatory Compliance: Which One Came First?

IT Risk Assessments: Why Don't Companies Conduct Them?

The Difference Between Vulnerability Scanning and Penetration Testing

IT Security Policies and Procedures: Why You Need Them

Top PCI Compliance Myths Debunked

Healthcare Breaches and the HIPAA Risk Assessment

IT Auditing and IT Risk Assessment: What's the Difference?

Where to Start with PCI Compliance: The PCI Compliance Checklist

What is a PCI ROC?

How Vendor Management Software can help with regulatory compliance

Security Awareness Training is No Joke!

A Key To Your Risk Management Strategy: Cybersecurity Insurance

Security Awareness Training: The First Line of Defense

Cybersecurity Insurance: Think You're Covered?

IT Auditing - Why It's a Smart Investment

Incident Response Management: What Is It and How to Implement It

Your PCI Risk Assessment: Security vs. Compliance

Vendor Management Software: Why You Need It Now

The PCI Risk Assessment: Three Examples of When to Conduct One