CSO Compass

Sensible Cyber Security Solutions for your Business

Frequently Asked Questions (FAQ)

Don't forget to check our blog, The Compass^SM, for additional information. Also, if you do not find an answer to your question here, please contact our customer support staff and we'll send you an answer within two business days. Customers can expect a response within one business day.

• Do you provide PCI DSS assessment services?
• What are Information Security Metrics and why should I care?
• Do you do penetration testing?
• What network security services can you provide?
• How can you help my software development group with security?
• How much do your services cost?
• I think I have an information security incident. Can you help?
• What is the Navigator Program?
• I need help writing information security policies for my company. Can you help?
• What is the difference between policy, procedure and practice?
• What is the difference between Cyber Security and Information Security?
• I have offices in London, New York, San Francisco, and Sydney. Can CSO Compass help me?

Do you provide PCI DSS assessment services?

We provide services to prepare you for and help you with your PCI DSS Self-Assessment. We can also provide review of your PCI DSS compliance in preparation for a QSA Assessment.
Back to the top

What are Information Security Metrics and why should I care?

What all of us at CSO Compass have noticed in our past experiences is that a lot of information security advice is very subjective. We can easily come into your company and find fault with a number of information security-related topics.

We've also all experienced the joy of being able to point to real data and say, "look, there's where things went bad and that other graph points to the cause." This data may be the number of failed login attempts or the average time to patch your production systems. Much of this information is relatively easy to capture and provides a more objective basis for decisions.
Back to the top

Do you do penetration testing?

Yes. We can provide penetration testing for your network and applications.
Back to the top

What network security services can you provide?

Our network security experience is broad. We have staff that has architected, designed, implemented, deployed, maintained and reviewed large corporate network infrastructures. We have experience from the border routers through the firewalls and into the individual leaf nodes of the network, whether they be network appliances, web servers, application servers or database servers.
Back to the top

How can you help my software development group with security?

Two of the founders have held positions as VP of development, QA and testing organizations in a number of companies. We also have direct experience in product and program management. All of us have worked as software developers in our past. We have staff that has provided infrastructure and support to development groups.

With this background we have the experience and training to advise and council software development teams and management on all aspects of secure software development.
Back to the top

How much do your services cost?

For the Information Security Program Office service our prices are calculated to be a fraction of a full-time information security employee. For other services our rates are competitive.

If you would like more details on our service offerings, check out our services page or contact our sales department. See the Contact Us page for contact information.
Back to the top

I think I have an information security incident. Can you help?

Yes. If this is an emergency see our Contacts page and contact us immediately.

All of us have been involved in incident response at a variety of companies. We also have staff who have lead incident response training and practices to better prepare staff for incident response.
Back to the top

What is the Navigator Program?

The Navigator Program is a comprehensive service that can provide most of the activities of an information security group for your company or it can augment your CSO's existing staff. See the The Navigator Program for more information.
Back to the top

I need help writing information security policies for my company. Can you help?

The CSO Compass staff has experience in providing or working with customers to develop information security policies. We also have experience in reviewing policies. We have worked in corporate executive and information security positions and have seen both sides of policy development, review and update.
Back to the top

What is the difference between policy, procedure and practice?

A policy is a statement made about how something is accomplished. For example, your Information Security policy might state that every user of your systems must log into your computers as themselves.

The associated procedure might specify how they obtain a user account, how and when they may use it, etc.

The practice is what actually happens. For instance, the CEO's admin may log in as the CEO to screen and read email. In this case the practice is not consistent with the policy and may violate procedure as well.
Back to the top

What is the difference between Cyber Security and Information Security?

The two terms seem to be used interchangably. CyberSecurity is used more in the federal government and business press. Clearly Information Security can be seen as at least a proper subset of Cyber Security. Using the term Cyber Security does seem to indicate that the information in question is computer or network related.
Back to the top

I have offices in London, New York, San Francisco, and Sydney. Can CSO Compass help me?

We have helped customers in Northern and Southern California, the Pacific Northwest, the business centers of Eastern and Central US, and in Europe and the Pacific Rim. CSO Compass can help you with your security needs wherever you do business.
Back to the top