Compass IT Compliance Blog / Compliance (15)

Not Using Multifactor Authentication? Your Days Are Limited!

MFA

Despite the fact that multifactor authentication (MFA) has been around for decades at this point, the majority of both business and personal logins only use it when absolutely necessary. The complaints are well known: it takes too long to log in, if I forget my phone or token I can’t lo …

Making Sense of Data Management

Data Management

Organizations face a prevalence of both internal and external cyber threats. This makes data management one of the most critical components in an organization’s cybersecurity program. From classifying data, to ensuring it is handled with the appropriate security precautions, to ensuri …

Building a Privacy Culture This Data Privacy Week

Data Privacy

In 2022, data privacy became a hot topic as consumers became more aware of how their data was being tracked and used by companies. This was partly due to the efforts of companies like Apple to educate consumers about their privacy rights.

What Does It Mean to Be CJIS Compliant?

CJIS Compliance

If your organization is involved with government entities and operations, chances are you have heard of Criminal Justice Information Services (CJIS) compliance. The term is commonly used in law enforcement but can also apply to civil entities.

OWASP Top 10: Why Compliance to OWASP Matters

During a recent web application penetration test, my Compass IT Compliance colleague Jesse Roberts was quickly able to identify and exploit a coding vulnerability on a client’s public facing web portal. As part of the engagement, Jesse was initially granted “standard user” access to t …

A Closer Look at PCI DSS v4.0 Vulnerability Scanning Requirements

The Payment Card Industry Data Security Standard (PCI DSS) requires vulnerability scanning of any organization’s network assets. All companies are required to have quarterly network scans conducted by a certified third-party Approved Scanning Vendor (ASV) or Qualified Security Asses …
