Compliance Risk Assessments
Evaluate and treat risks related to in-scope assets
Stay up-to-date on risk assessment requirements
Risk assessments are required as part of many regulatory and contractual processes, and ISO 27005, NIST 800-30, PCI DSS all include specific practices for performing these assessments. Our risk assessments use specific practices for evaluating and treating risks related to in-scope assets. The ISO 27005 methodology aligns closely with the requirements of ISO 27001, while NIST SP 800-30 methodology is often used to support other federal requirements including NIST SP 800-53, NIST SP 800-171, CMMC, and HIPAA.
“Weaving risk, group theory, and adaptation with business strategy is one way we stand out.”Rockie BrockwayDirector of Advisory Innovations
Rockie Brockway
Director of Advisory InnovationsRockie's focus is on helping organizations strengthen their security posture by better aligning security with business needs and requirements.
Read Our Blog
Explore current cybersecurity topics on the TrustedSec Security Blog
Why Risk Assessments are Essential for Information Security Maturity
Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk…
What is Your Compliance Kryptonite?
Understanding PCI DSS requirements and avoiding misinterpretations of security controls can be frustrating for organizations, especially when it comes to…
CMMC NOPE: Why You Don’t Need to be CMMC Compliant
As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for…
Book Review - The Definitive Guide to PCI DSS Version 4
As a PCI QSA, I have answered numerous questions about the new PC DSS Version 4. With over 500 total controls, and at least 100 of them unique to this version,…
Cybersecurity Policy Enforcement: Strategies for Success
Establishing effective cybersecurity policy enforcement is crucial for maintaining consistency and reducing risk, by soliciting stakeholder feedback, training…
Compliance Abuse: When Compliance Frameworks are Misapplied
TrustedSec helps organizations choose and implement the right compliance frameworks to address their unique needs, from NIST SP 800-53 to ISO 27001, and…
Measuring the Impact of a Security Awareness Program
Measuring the impact of a security awareness program requires identifying key risks and human behaviors, then tracking metrics like Clean Desk and phishing…
Detection and Alerting: Selecting a SIEM
Customizable SIEM solution for mature detections, event correlation, and threat intelligence, with built-in reporting, analytics, and user behavior analytics,…
Maturity, Effectiveness, and Risk - Security Program Building and Business Resilience
Understanding your organization's security posture with actionable value is crucial, addressing vulnerabilities and improving defenses through Validate,…
An 'Attack Path' Mapping Approach to CVEs 2021-42287 and 2021-42278
Detect and prevent Windows attack paths using Splunk SPL queries for proactive and reactive defensive operations, including creating new computer accounts,…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
