Compass IT Compliance Blog / Vulnerability Scanning

Red Team Testing: When Your Organization Is Ready (& Why It Matters)

Red Team Testing

Cybersecurity testing isn’t a one-size-fits-all process. Different organizations are at different maturity levels, and the type of testing you should be investing in depends on how far along you are in building your defenses. One of the most common questions security leaders face is: …


What Are the Benefits of Conducting Regular Vulnerability Assessments?

Regular Vulnerability Assessments

Cyber threats are evolving faster than ever, making security a moving target for organizations of all sizes. Attackers continuously scan for weaknesses, looking for gaps they can exploit. Meanwhile, new vulnerabilities emerge daily due to software updates, misconfigurations, and evolv …


Enhancing Cloud Security Posture Management (CSPM)

Cloud Computing

In recent years, the rapid adoption of cloud computing has transformed the way businesses operate. With this transformation, however, comes the pressing need to fortify cloud security. Cloud security posture management (CSPM) emerges as a vital solution, encompassing practices and too …


OWASP Top 10: Why Compliance to OWASP Matters

During a recent web application penetration test, my Compass IT Compliance colleague Jesse Roberts was quickly able to identify and exploit a coding vulnerability on a client’s public-facing web portal. As part of the engagement, Jesse was initially granted “standard user” access to t …


A Closer Look at PCI DSS v4.0 Vulnerability Scanning Requirements

The Payment Card Industry Data Security Standard (PCI DSS) requires vulnerability scanning of any organization’s network assets. Quarterly network scans are required of all companies and must be conducted by a certified third-party Approved Scanning Vendor (ASV) or Qualified Security Asses …


Self-Assessment Questionnaire (SAQ) A Changes in PCI DSS v4.0

With the recent updates to the Payment Card Industry Data Security Standard (PCI DSS) requirements, many organizations that are currently PCI compliant in accordance with version 3.2.1 may become noncompliant with version 4.0.

