Vendor Risk Management: Importance of Service Level Agreements
by Andrew Paull on November 13, 2019 at 1:00 PM
Every organization, at one point or another, regardless of maturity, complexity, or business vertical, will have a need to work with a vendor, partner, or client to move business goals forward and maintain functional operations. Although vendors, partners, and clients have different r …
Deciphering the PCI Testing Requirements of PCI-DSS Requirement 11
by Adam Cravedi on November 6, 2019 at 1:00 PM
PCI-DSS Requirement 11: Regularly test security systems and processes. As a Qualified Security Assessor (QSA) organization and a security analyst, we receive many questions about meeting the various testing controls outlined within the Payment Card Industry Data Security Standard (PCI- …
Controlling the Boot Process of a Suspect System
by Danielle Corsa on October 30, 2019 at 1:00 PM
Retrieving electronic evidence is an imperative part of any forensic investigation. One must follow a strict set of processes in order to ensure the proper extraction of data and to maintain the integrity of the media, establish chain of custody, and document hash values.
Vendor Management Programs to Prevent Data Disasters
by CJ Hurd on October 23, 2019 at 1:00 PM
If you’ve read any of my prior blog posts, you will know that my background prior to joining Compass IT Compliance included 21 active duty years in the United States Coast Guard. I seem to talk about it quite a bit. One of the perks, depending on where they are sending you, is getting …
Situational Awareness Starts with You!
by Peter Fellini on October 16, 2019 at 1:00 PM
Having situational awareness can get you out of a lot of jams. Let me elaborate on what I mean by that. Have you ever received that annoying phone call from “Macrosoft Support”? This is known as a vishing attack. It’s the practice of eliciting information or attempting to influence ac …
Network Defense - Look at Policies and Training First
by George Seerden on October 9, 2019 at 1:00 PM
I live in two worlds. The first is with Compass IT Compliance where most of our clients are small to medium businesses that don’t have their own security teams in house. The second is with the US Air Force where my only job is to help secure the entire enterprise. I am always blown aw …