.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
IT Risk Assessment and the SANS Top 20 - Part I
by Geoff Yeagley on February 2, 2016 at 10:30 AM
Last week we discussed the SANS Top 20 Critical Security Controls (CSC), what they are, and where they came from. This week we are going to start to dig into a handful of the Critical Security Controls to discuss what they are and why these controls are so important. In fact, industry …
FFIEC Guidance: Revision vs. Update
by Geoff Yeagley on December 8, 2015 at 10:00 AM
When it comes to technology, we hear of terms that are often times confused and interchanged. Some examples of these terms might include Vulnerability Scanning and Penetration Testing. Another example might be the age old debate of Risk Assessment versus Audit. While seemingly similar …
IT Security Best Practices: Segregation of Duties
by Geoff Yeagley on December 4, 2015 at 11:35 AM
We hear the phrase “Segregation of Duties” talked about quite a bit when we talk about IT Security. One reason as to why this is such a talked about and ultimately important topic has to do with the fact that the risks associated with Segregation of Duties often go unnoticed until the …
The Case for the PCI ROC: When to Perform One Over an SAQ
by Geoff Yeagley on November 24, 2015 at 9:18 AM
PCI Compliance can be a challenging initiative to take on, especially if this is a new process for your organization. Depending on the level of merchant or service provider you fall under determines the requirements you must complete to become PCI Compliant. This will either take form …
FFIEC Guidance: Significant Changes to the Management Booklet
by Geoff Yeagley on November 18, 2015 at 10:00 AM
On November 10th, the Federal Financial Institutions Examination Council (FFIEC) issued a revised Management booklet which is a part of the IT Examination Handbook. This is considered a major revision of the booklet and the first one to take place since 2004. As just a quick overview, …
IT Security Policies and Procedures: Why You Need Them
by Geoff Yeagley on September 10, 2015 at 10:54 AM
Policies and Procedures are two of the words that most employees dread to hear, especially when it comes to IT Security. Why does this phenomenon occur? Is it because people don’t want to be told what to do? Is it because people feel as though they are being “micromanaged” when they h …