Derek Boczenowski

Derek Boczenowski

Derek Boczenowski is Chief Architect with Compass IT Compliance. Derek has over 20 years of IT experience in a variety of vertical markets, including financial services, higher education, and state/local government. Prior to joining Compass IT Compliance, Derek was the VP of Technology for a credit union in Massachusetts with approximately $700M in assets under management. With an MBA in Technology Management as well as industry leading certifications, such as being a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE), Derek works with clients of all sizes and in all vertical markets to help them identify gaps in their IT security strategies and provide relevant, attainable solutions to ultimately mitigate their overall risk. Derek has spoken at numerous conferences throughout his career, including the Fiserv national conference and New York Banker’s Association Annual Meeting, and is recognized as a thought leader in the field of information technology and information security.

Posts by Derek Boczenowski

NIST Cybersecurity Framework 2.0 – Key Takeaways

United States Department of Commerce

Last week, the National Institute of Standards and Technology (NIST) unveiled the second version of its Cybersecurity Framework (CSF), marking the first major new updates to NIST CSF since the framework's inception ten years ago. Initiated by Executive Order 13636, the development of …

Read Story

Understanding the Key Differences Between IT Governance & Compliance

Governance and Compliance

In the dynamic landscape of business expansion and evolution, distinguishing between IT governance and compliance becomes not just beneficial, but essential. While both are pillars in safeguarding organizations against a myriad of risks, they differ in their core objectives, methodolo …

Read Story

What is Protected Health Information (PHI)?

What is Protected Health Information (PHI)?

Protected Health Information (PHI) is a key element in healthcare, governed by stringent legal and ethical standards. This blog explores what PHI encompasses, its significance under HIPAA regulations, and the crucial distinction between PHI and electronic PHI (ePHI). The blog also del …

Read Story

Cell Phone Usage at Work & HIPAA Compliance: Uncovering the Risks

HIPAA Cell Phone Usage

The healthcare industry is increasingly embracing mobile technology, integrating smartphones, tablets, and other portable devices into everyday operations across hospitals, clinics, and other workplaces. This shift towards mobile integration, while offering substantial benefits, also …

Read Story

Not Using Multifactor Authentication? Your Days Are Limited!

MFA

Despite the fact the multifactor authentication (MFA) has been around for decades at this point, the majority of both business and personal logins only use it when absolutely necessary. The complaints are well known; it takes too long to login, if I forget my phone or token I can’t lo …

Read Story

PCI DSS v4.0 ROC Changes – Coming Now to an Organization Near You!

A person inserts their credit cared into a card reader

The Payment Card Industry Data Security Standard (PCI DSS) version 4.0 is here! It has been released, the documents are available publicly for anyone who would like to read them, and forms for both the 900-pound level 1 Report on Compliance (ROC) and the Self-Assessment Questionnaires …

Read Story

Subscribe by email