Compliance Risk Assessments
Evaluate and treat risks related to in-scope assets
Stay up-to-date on risk assessment requirements
Risk assessments are required as part of many regulatory and contractual processes, and ISO 27005, NIST 800-30, PCI DSS all include specific practices for performing these assessments. Our risk assessments use specific practices for evaluating and treating risks related to in-scope assets. The ISO 27005 methodology aligns closely with the requirements of ISO 27001, while NIST SP 800-30 methodology is often used to support other federal requirements including NIST SP 800-53, NIST SP 800-171, CMMC, and HIPAA.
“Weaving risk, group theory, and adaptation with business strategy is one way we stand out.”Rockie BrockwayDirector of Advisory Innovations
Rockie Brockway
Director of Advisory InnovationsRockie's focus is on helping organizations strengthen their security posture by better aligning security with business needs and requirements.
Read Our Blog
Explore current cybersecurity topics on the TrustedSec Security Blog
Why Risk Assessments are Essential for Information Security Maturity
Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk…
PCI DSS, Telephone Payments, and the Problems With VoIP
Merchants have been accepting payment cards over telephones for a long time, but changing interpretations of VoIP guidance have led to confusion about which…
Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystem
Same worm, different wave. In our new blog, Director of Security Intelligence Carlos Perez covers Shai-Hulud, how this supply-chain malware can eat your whole…
Coverage-Driven Sustained Testing (CDST): A Graph-Oriented Model for Open-Ended Agentic Workflows
1.1 IntroductionRalph is a solid tool that makes agents do…more. It's defined as: an autonomous AI agent loop that runs repeatedly until all PRD items are…
Finding Your Way on the Passkey Path
Ready to ditch passwords for good, but not sure where to start? Introducing Passkey Path, a choose-your-own-adventure guide to transitioning from passwords to…
Slamming the Door on Quick Assist Tech Support Scams and Abuse
Tech support scams are simple by design—just a trusted tool and a convincing story. We break down Microsoft Windows Quick Assist as an attack vector, detection…
GRC in an AI World - Staying in the Fast Lane Without Losing the Race!
Artificial Intelligence (AI) is the new buzz word on the streets. It’s becoming “the best thing since sliced bread” in the IT world and is being used by…
The Defensive Stack is Exposed: LLMs, Reverse Engineering, and the End of Opaque Defense
Everyone is talking about LLMs finding zero days. That is not the only story. The story is what happens when you point these models at the defensive tools…
ARP Around and Find Out: Hijacking GPO UNC Paths for Code Execution and NTLM Relay
TL;DR - If you have WriteGPLink on an Active Directory Organizational Unit (OU) and you’re on the same network segment as a computer within that OU, you can…
Kerberos with Titanis
In this article, I’ll walk you through the basics of Kerberos, how to use Titanis for the different parts, and how to mitigate some problems.Titanis SetupI use…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
