.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Red Team Testing: When Your Organization Is Ready (& Why It Matters)
by Patrick Laverty on September 8, 2025 at 2:15 PM
Cybersecurity testing isn’t a one-size-fits-all process. Different organizations are at different maturity levels, and the type of testing you should be investing in depends on how far along you are in building your defenses. One of the most common questions security leaders face is: …
Security Questionnaires: How to Streamline Responses & Save Time
by Alexander Magid on September 2, 2025 at 1:46 PM
As vCISOs serving organizations across the country, we spend a significant amount of time on both sides of the security questionnaire process. We respond to them on behalf of our clients, and we also issue them as part of vendor risk management programs. The reality is the same in eit …
What Is the Best Approach for Incident Response Planning?
by Adam Lyford on August 8, 2025 at 1:24 PM
Security incidents are no longer a matter of "if" but "when." Organizations must be prepared to respond to cybersecurity events with speed, clarity, and coordination. An effective Incident Response Plan (IRP) provides the structure and processes needed to handle incidents in a way tha …
Cybersecurity Matters: How Small Mistakes Create Big Problems
by Joseph Boisvert on August 1, 2025 at 2:36 PM
Every once in a while, a story hits the headlines that makes cybersecurity professionals shake their heads—not because it's complex or sophisticated, but because it's simple and entirely preventable. One of those stories surfaced recently, involving a breach at McDonald’s that was rep …
Why the ‘CISO’ in Virtual CISO Services Shouldn’t Scare You
by CJ Hurd on July 8, 2025 at 1:00 PM
For many small and midsize businesses, the term Virtual CISO (or vCISO) can be a little off-putting. It sounds big, corporate, and expensive—like something built for Fortune 500 companies, not organizations with lean teams, tight budgets, and practical day-to-day needs. After all, the …
What Is a Managed Security Service Provider (MSSP)?
by Geoff Yeagley on July 1, 2025 at 4:53 PM
As cyber threats continue to evolve and become more sophisticated, organizations across every industry are realizing that protecting their digital assets isn’t just an IT concern—it’s a business imperative. Unfortunately, many companies lack the in-house expertise, tools, or bandwidth …