Skip to Main Content
All Trimarc services are now delivered through TrustedSec! Learn more

Compliance Risk Assessments

Evaluate and treat risks related to in-scope assets

Stay up-to-date on risk assessment requirements

Risk assessments are required as part of many regulatory and contractual processes, and ISO 27005, NIST 800-30, PCI DSS all include specific practices for performing these assessments. Our risk assessments use specific practices for evaluating and treating risks related to in-scope assets. The ISO 27005 methodology aligns closely with the requirements of ISO 27001, while NIST SP 800-30 methodology is often used to support other federal requirements including NIST SP 800-53, NIST SP 800-171, CMMC, and HIPAA.

Related Links

“Weaving risk, group theory, and adaptation with business strategy is one way we stand out.”
Rockie BrockwayDirector of Advisory Innovations

Read Our Blog

Explore current cybersecurity topics on the TrustedSec Security Blog

Blog May 04 2023

Why Risk Assessments are Essential for Information Security Maturity

Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk…

Read about this article
Blog October 28 2025

Hack-cessibility: When DLL Hijacks Meet Windows Helpers

In preparation for a talk, Jason Lang (@curi0usJack) and I were doing at MCTTP about mining TTPs from VX-underground, we both ended up doing research based on…

Read about this article
Blog October 21 2025

Detecting Password-Spraying in Entra ID Using a Honeypot Account

Password-spraying is a popular technique which involves guessing passwords to gain control of accounts. This automated password-guessing is performed against…

Read about this article
Blog October 16 2025

There's More than One Way to Trigger a Windows Service

Service triggers can be a pentester’s secret weapon, letting low-priv users quietly fire up powerful services like Remote Registry and EFS. Learn how they can…

Read about this article
Blog October 10 2025

Skimming Credentials with Azure's Front Door WAF

Your Web Application Firewall (WAF) sees EVERYTHING. In this blog, we demonstrate how an attacker with access to Azure Front Door’s WAF and Log Analytics can…

Read about this article
Blog October 07 2025

PCI P2PE vs. E2EE – Scoping it Out

If your payment processor says they use “End-to-End Encryption” your PCI DSS compliance scope may be bigger than you expect. In this blog, we break down how…

Read about this article
Blog October 02 2025

HIPAA Applicability - Understanding the Security, Breach Notification, and Privacy Rules

In this blog, we explain how HIPAA’s Privacy, Security, Breach Notification, and Administrative Rules apply while clearing up common misunderstandings about…

Read about this article
Blog September 30 2025

CMMC NOPE: Why You Don’t Need to be CMMC Compliant

As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for…

Read about this article
Blog September 23 2025

HIPAA Business Associates - What’s Your Function?

Many teams working with health care providers receive requests to sign a Business Associate Agreement. In this blog, we break down HIPAA’s definition of a…

Read about this article
Blog September 16 2025

HIPAA Covered Entities - It’s More Than Just PHI

Handling health records doesn’t automatically make an organization a Covered Entity. In this blog, we help clear up common misconceptions so teams can better…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.