Compliance Risk Assessments
Evaluate and treat risks related to in-scope assets
Stay up-to-date on risk assessment requirements
Risk assessments are required as part of many regulatory and contractual processes, and ISO 27005, NIST 800-30, PCI DSS all include specific practices for performing these assessments. Our risk assessments use specific practices for evaluating and treating risks related to in-scope assets. The ISO 27005 methodology aligns closely with the requirements of ISO 27001, while NIST SP 800-30 methodology is often used to support other federal requirements including NIST SP 800-53, NIST SP 800-171, CMMC, and HIPAA.
“Weaving risk, group theory, and adaptation with business strategy is one way we stand out.”Rockie BrockwayDirector of Advisory Innovations
Rockie Brockway
Director of Advisory InnovationsRockie's focus is on helping organizations strengthen their security posture by better aligning security with business needs and requirements.
Read Our Blog
Explore current cybersecurity topics on the TrustedSec Security Blog
Why Risk Assessments are Essential for Information Security Maturity
Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk…
The Defensive Stack is Exposed: LLMs, Reverse Engineering, and the End of Opaque Defense
Everyone is talking about LLMs finding zero days. That is not the only story. The story is what happens when you point these models at the defensive tools…
ARP Around and Find Out: Hijacking GPO UNC Paths for Code Execution and NTLM Relay
TL;DR - If you have WriteGPLink on an Active Directory Organizational Unit (OU) and you’re on the same network segment as a computer within that OU, you can…
Kerberos with Titanis
In this article, I’ll walk you through the basics of Kerberos, how to use Titanis for the different parts, and how to mitigate some problems.Titanis SetupI use…
Mythos, Memory Loss, and the Part InfoSec Keeps Missing
InfoSec has a bad habit of acting like history started this morning. Something new lands, the industry loses its mind for a week, vendors start talking like…
Dungeons and Daemons
Play Roll for Initiative. Hack the Planet.Dungeons & Daemons is a cybersecurity RPG that drops you into the boots of a Red Team operator on a live…
Benchmarking Self-Hosted LLMs for Offensive Security
We put LLMs to the test—let's find out how good AI is at hacking! We walk through six simple challenges with intentionally naïve setups to test how capable…
IAM the Captain Now – Hijacking Azure Identity Access
I decided to spend some research time diving in depth into Identity and Access Management (IAM) within Microsoft Azure. I am going to show you within this blog…
Building a Detection Foundation: Part 5 - Correlation in Practice
From Data Sources to DetectionWe've covered a lot of ground in this series: Windows Security events for logon tracking and process execution; PowerShell…
Reduce Repetition and Free up Time With Mobile File Extractor
If you do the same thing three times, automate it. Introducing Mobile Data Extractor, a Python tool that handles the repetitive work of mobile app data…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
