Skip to Main Content

Compliance Risk Assessments

Evaluate and treat risks related to in-scope assets

Stay up-to-date on risk assessment requirements

Risk assessments are required as part of many regulatory and contractual processes, and ISO 27005, NIST 800-30, PCI DSS all include specific practices for performing these assessments. Our risk assessments use specific practices for evaluating and treating risks related to in-scope assets. The ISO 27005 methodology aligns closely with the requirements of ISO 27001, while NIST SP 800-30 methodology is often used to support other federal requirements including NIST SP 800-53, NIST SP 800-171, CMMC, and HIPAA.

Related Links

“Weaving risk, group theory, and adaptation with business strategy is one way we stand out.”
Rockie BrockwayDirector of Advisory Innovations

Read Our Blog

Explore current cybersecurity topics on the TrustedSec Security Blog

Blog May 04 2023

Why Risk Assessments are Essential for Information Security Maturity

Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk…

Read about this article
Blog July 02 2026

Inheriting the Receipts: Securing the AI Your Company Already Adopted

The work is not new. The speed is. In this blog, we're outlining how existing security pillars apply to the AI your organization has already adopted; no new…

Read about this article
Blog June 25 2026

Large Workflows with Local LLMs

As it turns out, local LLMs have a few opinions about large workflows. In this blog, we walk through the scaling challenges of local LLMs and the custom Python…

Read about this article
Blog June 18 2026

Modern Web Application Content Discovery

Staring at a web app with no links and no navigation? In this blog, we break down modern content discovery, from forced browsing and web crawling to Google…

Read about this article
Blog June 16 2026

JQ for Hackers

Grey-bearded hackers and sysadmins still reaching for cut and CSV files, this one's for you. In this blog, we break down jq and why it's time to embrace JSON.

Read about this article
Blog June 12 2026

JS-Tap v3: Endpoint Post-Exploitation With JavaScript Implants

JavaScript escaped the browser. JS-Tap v3 followed it. In this blog, we introduce three new beacons targeting the Electron apps, browser extensions, and Node…

Read about this article
Blog June 11 2026

Hardening Intune: The Implementation Guide

Now that we've identified the blind spot, here's how to fix it. In Part 2 of our blog series, we deliver a phase-based implementation guide to hardening…

Read about this article
Blog June 09 2026

How to Train Your (Dragons) Analysts - A TrustedSec Guide to Picking the Perfect Purple Team

Your analysts are your strongest defenders, but do they have what they need to keep up? In this blog, we break down TrustedSec's Purple Team assessments and…

Read about this article
Blog June 04 2026

The Privileged Roles Nobody Talks About

MDM admins can deploy apps, or wipe every device in your fleet. Yet most treat them like standard IT roles. In Part 1 of this blog series, we break down the…

Read about this article
Blog June 02 2026

CMMC Conditional Status - Contracting Without Compliance

CMMC Conditional Status gives defense contractors breathing room, exactly 180 days of it. In this blog, we break down who qualifies, what's required to achieve…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.