.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Security Questionnaires: How to Streamline Responses & Save Time
by Alexander Magid on September 2, 2025 at 1:46 PM
As vCISOs serving organizations across the country, we spend a significant amount of time on both sides of the security questionnaire process. We respond to them on behalf of our clients, and we also issue them as part of vendor risk management programs. The reality is the same in eit …
Steps to Prepare Your SOC 2 Compliance Documentation
by Jerry Hughes on August 26, 2025 at 1:42 PM
When it comes to vetting critical third-party service providers to work with, organizations need assurance that these companies have appropriate controls in place to securely execute the services they were contracted to perform. This is where the SOC 2 audit comes in. Few certificatio …
What Are the Best Ways to Prevent Social Engineering Attacks?
by Patrick Laverty on August 20, 2025 at 1:41 PM
When I give speeches or training sessions on social engineering, I always start with a simple mantra: V & V—Verification and Validation. It's not flashy, but it's foundational. My bet is that if you verify and validate everything, no social engineering (SE) attack can succeed. I'v …
What Is the Best Approach for Incident Response Planning?
by Adam Lyford on August 8, 2025 at 1:24 PM
Security incidents are no longer a matter of "if" but "when." Organizations must be prepared to respond to cybersecurity events with speed, clarity, and coordination. An effective Incident Response Plan (IRP) provides the structure and processes needed to handle incidents in a way tha …
Why Is Social Engineering a Threat to Businesses?
by Peter Fellini on August 7, 2025 at 11:00 AM
When most people think of cybersecurity threats, they picture viruses, ransomware, or brute-force attacks hammering away at firewalls. But some of the most effective attacks don’t need advanced code or malware. They just need a willing person to pick up the phone, click a link, or tru …
Cybersecurity Matters: How Small Mistakes Create Big Problems
by Joseph Boisvert on August 1, 2025 at 2:36 PM
Every once in a while, a story hits the headlines that makes cybersecurity professionals shake their heads—not because it's complex or sophisticated, but because it's simple and entirely preventable. One of those stories surfaced recently, involving a breach at McDonald’s that was rep …