Compass IT Compliance Blog

Physical Security Assessments: Covert Entry vs Escorted Walkthrough

Physical Security Assessments

When businesses seek a third-party physical security assessment, they must decide on the most appropriate testing methodology to gauge their security posture. These methodologies may go by several names, but the concepts and approaches often fit into one of two categories: covert entr …


How Can Businesses Stay Updated on Evolving Cybersecurity Threats?

Stay Updated on Cybersecurity News

In today’s interconnected world, cybersecurity threats are more dynamic and pervasive than ever. From ransomware to phishing scams, zero-day vulnerabilities to advanced persistent threats (APTs), the nature of cyber risks is constantly evolving. Businesses, regardless of size or indus …


When SOC 2 Compliance Makes Sense

In today’s business landscape, security and trust are paramount. SOC 2 compliance has become a widely recognized standard for demonstrating a commitment to protecting sensitive data and maintaining robust security practices. Whether you’re working with enterprise clients, handling cri …


Understanding SOC 2 Compliance & Vendor Management

SOC 2 Vendor Management

SOC 2 (System and Organization Controls 2) is a trusted auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It assesses an organization’s information systems against the Trust Services Criteria (TSC): security, availability, processing integr …


What Will Quantum Computing Mean for Passwords & Encryption?

Quantum Computing

Quantum computing is one of the most groundbreaking technological advancements of the 21st century. While its potential applications range from solving complex scientific problems to optimizing logistics, its implications for cybersecurity are profound. Specifically, the advent of qua …


Chinese RedNote App Rises Amid TikTok Ban: New Privacy Concerns

Chinese RedNote App

As TikTok faces a looming ban in the United States, a new player has emerged on the social media stage: RedNote. Known as Xiaohongshu (Little Red Book) in China, RedNote has skyrocketed in popularity, especially among American users seeking alternatives. However, its meteoric rise com …


Understanding DoD Impact Levels for Cloud Security

DoD Impact Levels

The security of information is a cornerstone of the Department of Defense's (DoD) operations. To safeguard sensitive data, the DoD has developed Impact Levels (ILs), a framework that categorizes information systems based on their sensitivity and the potential impact of a compromise. T …


SAS 145 and IT General Controls: What Organizations Need to Know

SAS 145 and IT General Controls

The release of SAS 145 (Statement on Auditing Standards No. 145) represents a significant shift in how auditors evaluate and respond to the risks of material misstatements, particularly in complex IT environments. As IT General Controls (ITGCs) underpin key financial processes and rep …


Leveraging a Virtual CISO (vCISO) for SOC 2 Compliance

Leveraging Virtual CISO for SOC 2 Compliance

In the rapidly evolving landscape of cybersecurity and data privacy, achieving and maintaining compliance with industry standards like SOC 2 is critical for businesses of all sizes. However, this process can be daunting, especially for organizations lacking the internal expertise or r …


What is TISAX Assessment Level 2.5 (AL 2.5)?

TISAX Assessment Level 2.5

In the realm of automotive and industrial information security, TISAX (Trusted Information Security Assessment Exchange) plays a vital role in standardizing security assessments among partners and suppliers. One of its unique features is the concept of assessment levels, which determi …


Unlocking Higher Education Security: SOC 2 Compliance & Universities

SOC 2 Higher Education

In an era where data security is paramount, universities find themselves grappling with the dual challenge of advancing academic research and protecting sensitive information. From personal student data to cutting-edge research, universities manage vast amounts of sensitive informatio …


Domain Name Server (DNS) Hijacking Defined

DNS Hijacking

The Domain Name System (DNS) serves as the backbone of internet communication, translating human-readable domain names into machine-readable IP addresses. Despite its importance, DNS is often targeted by malicious actors due to vulnerabilities that can compromise its integrity. One of …


What Is the OSI Model? 7 Layers Explained

OSI Model Explained

Networking can seem like a complex web of processes and protocols, but the OSI model simplifies this by breaking it into well-defined layers. Understanding the OSI model is essential for anyone involved in IT, as it serves as a universal framework for how data is transmitted, processe …


Be Cautious When Following Links on Instagram

Instagram Link Safety

In today's world, Instagram has evolved into more than just a platform for sharing photos and videos. With over a billion active users, it has transformed into a space for networking, marketing, shopping, and even activism. However, with this widespread popularity comes an increasing …
